[170641] in North American Network Operators' Group
Re: BGPMON Alert Questions
daemon@ATHENA.MIT.EDU (Erik Bais)
Wed Apr 2 17:10:07 2014
In-Reply-To: <CALNCVY7MesSjHpdtJJeFJJ-R1yiONEiiThJHVfP6EzvD7Da1Qw@mail.gmail.com>
From: Erik Bais <ebais@a2b-internet.com>
Date: Wed, 2 Apr 2014 22:41:31 +0200
To: Felix Aronsson <felix@mrfriday.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We are getting multiple alerts for a mix of our and customers prefixes.=20
Could someone from HE tell if they started filtering yet ?=20
Erik Bais=20
Verstuurd vanaf mijn iPad
Op 2 apr. 2014 om 21:21 heeft Felix Aronsson <felix@mrfriday.com> het volgen=
de geschreven:
> Seeing the same here for a /21. This seems to have happened before with
> AS4761? See http://www.bgpmon.net/hijack-by-as4761-indosat-a-quick-report/=
from
> january 2011.
>=20
>=20
> On Wed, Apr 2, 2014 at 8:51 PM, Joseph Jenkins
> <joe@breathe-underwater.com>wrote:
>=20
>> So I setup BGPMON for my prefixes and got an alert about someone in
>> Thailand announcing my prefix. Everything looks fine to me and I've
>> checked a bunch of different Looking Glasses and everything announcing
>> correctly.
>>=20
>> I am assuming I should be contacting the provider about their
>> misconfiguration and announcing my prefixes and get them to fix it. Any
>> other recommendations?
>>=20
>> Is there a way I can verify what they are announcing just to make sure th=
ey
>> are still doing it?
>>=20
>> Here is the alert for reference:
>>=20
>> Your prefix: 8.37.93.0/24:
>>=20
>> Update time: 2014-04-02 18:26 (UTC)
>>=20
>> Detected by #peers: 2
>>=20
>> Detected prefix: 8.37.93.0/24
>>=20
>> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
>> Provider,ID)
>>=20
>> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority o=
f
>> Thailand(CAT),TH)
>>=20
>> ASpath: 18356 9931 4651 4761
>>=20
