Haven't really been following, but you've got a 50/50 shot for BGP on Cogent for us, but Level3 is shorter so would take precedence. 208.110.48.0/20 3356 29791 11325 i 174 1299 29791 11325 i 208.110.49.0 3356 12189 19181 33611 i 174 12189 19181 33611 i -----Original Message----- From: Ido Szargel [mailto:ido@oasis-tech.net] Sent: Tuesday, January 31, 2012 3:06 PM To: Schiller, Heather A; Kelvin Williams; nanog@nanog.org Subject: RE: Hijacked Network Ranges - paging Cogent and GBLX/L3 I would go at first by advertising your prefixes as a /24 as well, just randomly checked 2 different locations and the as-path to 11325 is shorter than to 33611 This seems to be the case for customers of Tiscali and L3, so this will probably get most of your traffic back to you... Regards, Ido -----Original Message----- From: Kelvin Williams [mailto:kwilliams@altuscgi.com] Sent: Tuesday, January 31, 2012 1:01 PM To: nanog@nanog.org Subject: Hijacked Network Ranges Greetings all. We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet Exchange) immediately filter out network blocks that are being advertised by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA. The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and 68.66.112.0/20 are registered in various IRRs all as having an origin AS 11325 (ours), and are directly allocated to us. The malicious hijacking is being announced as /24s therefore making route selection pick them. Our customers and services have been impaired. Does anyone have any contacts for anyone at Cavecreek that would actually take a look at ARINs WHOIS, and IRRs so the networks can be restored and our services back in operation? Additionally, does anyone have any suggestion for mitigating in the interim? Since we can't announce as /25s and IRRs are apparently a pipe dream. -- Kelvin Williams Sr. Service Delivery Engineer Broadband & Carrier Services Altus Communications Group, Inc. "If you only have a hammer, you tend to see every problem as a nail." -- Abraham Maslow