[194299] in North American Network Operators' Group
Re: AS9498 Bharti BGP hijacks
daemon@ATHENA.MIT.EDU (Youssef Bengelloun-Zahr)
Sat Apr 1 18:09:49 2017
X-Original-To: nanog@nanog.org
From: Youssef Bengelloun-Zahr <bengelly@gmail.com>
In-Reply-To: <CACWOCC9Dfq0hTdfX29jHAx=Jfuwr5LO7mCj4f9UJsBpZMaw7wQ@mail.gmail.com>
Date: Sun, 2 Apr 2017 00:09:41 +0200
To: Job Snijders <job@instituut.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hi,
What's more concerning here is that those prefixes were able to pass through=
all filters on their way, via their transits and maybe probably via their p=
eers as well. Haven't we been here before !?!
And here I thought 2017 internet would be a "safer" place. Silly me...
Y.
> Le 1 avr. 2017 =C3=A0 23:33, Job Snijders <job@instituut.net> a =C3=A9crit=
:
>=20
> Hi all,
>=20
> Perhaps another explanation is that these are router2router linknets
> between the involved parties, and all we are seeing is the effect of
> "redistribute connected". If this is the case, the word "hijack" might be
> somewhat strong worded.
>=20
> Kind regards,
>=20
> Job
>=20
> On Sat, 1 Apr 2017 at 23:25, Tyler Conrad <tyler@tgconrad.com> wrote:
>=20
> So not only are they hijacking prefixes, they're leaking the /30s to thei=
r
> peers. Failure through and through.
>=20
> On Saturday, April 1, 2017, George William Herbert <george.herbert@gmail.c=
om
> wrote:
>=20
>>=20
>> Hey, Bharti, knock that off.
>>=20
>> http://bgpstream.com/event/78126
>> http://bgpstream.com/event/78125
>> http://bgpstream.com/event/78124
>> http://bgpstream.com/event/78123
>> http://bgpstream.com/event/78122
>>=20
>>=20
>> Sent from my iPhone
>>=20
