The output I dumped was from route-views.routeviews.org. On affected prefes you get 7843->6453->nothing unaffected prefixes get 7843->6453->15169. Unaffected prefixes don't have more specifics from 10512. My sample size is only 8 though with a mix of affected and unaffected users. JM On Tue, Jan 2, 2018 at 9:30 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
it looks like 203040 is a pure transit as (no originated prefixes) and 1103 - surfnet could squish what is your view anyway.
On Tue, Jan 2, 2018 at 9:29 PM, Christopher Morrow < morrowc.lists@gmail.com> wrote:
On Tue, Jan 2, 2018 at 8:50 PM, James Milko <jmilko@gmail.com> wrote:
Not sure if anyone from Spectrum is looking here at this hour, but someone is hijacking a few of your prefixes. It's causing problems in my area (NC) with reaching Google services. I'm sure there are other impacts, but that's what people are noticing.
Sorry if this hits the list twice, I sent it from the wrong e-mail address the first go round.
* 107.12.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i *> 103.247.3.45 0 58511 203040 10512 i * 107.13.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i *> 103.247.3.45 0 58511 203040 10512 i * 107.14.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i Network Next Hop Metric LocPrf Weight Path *> 103.247.3.45 0 58511 203040 10512 i * 107.15.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i * 103.247.3.45 0 58511 203040 10512 i
E-Forex you say? shocker:
AS | BGP IPv4 Prefix | AS Name 10512 | 102.164.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 102.194.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 103.116.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.128.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.129.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.130.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.131.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.12.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.13.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.14.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.15.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 14.5.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 147.17.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 180.237.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.183.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.185.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.186.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.187.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.188.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.189.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.190.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.191.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.192.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.193.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.194.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.195.0.0/16 | EFOREX-AS - E-FOREX, US
I'm going to guess they are hijacking a bunch of space and sending spam? (the 42/8 space is variously telecom malaysia and china unicom) the 102 space is un-allocated afrnic space... probably no good these folk are up to.