Another 5 of ours just got hit. Anyone have any ideas on what will be done about it? On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnkblk@iname.com> wrote:
bgpmon has tweeted that "We're currently observing a large hijack event. Indosat AS4761 originating many prefixes not assigned to them."
Let's hope that AS4651 can quickly apply filters.
Frank
-----Original Message----- From: David Hubbard [mailto:dhubbard@dino.hostasaurus.com] Sent: Wednesday, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions
If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface information about the peering points that received the announcements; that might help make you present to the suspect party more likely to be acted upon.
-----Original Message----- From: Joseph Jenkins [mailto:joe@breathe-underwater.com] Sent: Wednesday, April 02, 2014 2:52 PM To: nanog@nanog.org Subject: BGPMON Alert Questions
So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly.
I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations?
Is there a way I can verify what they are announcing just to make sure they are still doing it?
Here is the alert for reference:
Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761
-- eSited LLC (701) 390-9638