Looks like this incident didn't start today. I show it starting back on 2/22 at 00:31:38 UTC. It then persisted till 3/19 where it started to get withdrawn by most peers. It wasn't until 3/20 at 19:10:10 UTC when it was globally withdrawn from all peers that were advertising it. I'll be like Job and plug monitoring. Had FaleMais and/or University of Iowa been monitoring their own prefixes as well as what they advertised (originate in this case), this could have been stopped when it started almost a month ago. --Tim On 20.03.2018 13:32, Sandra Murphy wrote:
You are pointing out that 138.255.192.0/22 is the likely cause of the hijack of 128.255.192.0/22, right?
(No need to be privately told - that's straight from the LACNIC Whois)
--Sandy On Mar 20, 2018, at 3:40 PM, Alejandro Acosta <alejandroacostaalamo@gmail.com> wrote: Hello, Someone in Lacnog privately told me this: aut-num: AS263971 owner: FaleMais Comunicações LTDA responsible: Paulo Henrique Mem Pereira owner-c: LEVAL5 routing-c: LEVAL5 abuse-c: LEVAL5 created: 20150831 changed: 20150831 inetnum: 138.255.192.0/22 inetnum: 2804:28a0::/32 inetnum: 170.254.76.0/22 <http://170.254.76.0/22 [1]> Regards, Alejandro, El 20/3/18 a las 2:35 p. m., Jay Ford escribió: Something apparently in Brazil is hijacking 128.255.192.0/22, part of 128.255.0.0/16 which is held by the University of Iowa. AS 263971 is announcing 128.255.192.0/22 which Hurricane Electric is accepting & propagating. None of that has any authorization. I can't find any decent contact information for the originating entity, so I have reported it to abuse@he.net, but it'd be fabulous if some HE folks listening here could whack the hijacking faster than the abuse channels will get to it. Also useful would be some functional contact for AS263971. Any help will be appreciated. ________________________________________________________________________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-ford@uiowa.edu, phone: 319-335-5555
Links: ------ [1] http://170.254.76.0/22