Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509
In message <CAO3CAMoT9gC_Evd-CcZg06A-o_MajmLtxLHbXFnauDoMyqoSYg@mail.gmail.com>, Siyuan Miao <siyuan@misaka.io> wrote:
Hjacking didn't last too long. AWS started announcing a more specific announcement to prevent hijacking around 3 hours later. Kudos to Amazon's security team :-)
Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24, then how did AWS propagate a "more specific" than that? Regards, rfg
Amazon was only announcing 44.224.0.0/11 at first. https://bgp.tools/prefix/44.235.216.0/24 On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message < CAO3CAMoT9gC_Evd-CcZg06A-o_MajmLtxLHbXFnauDoMyqoSYg@mail.gmail.com>, Siyuan Miao <siyuan@misaka.io> wrote:
Hjacking didn't last too long. AWS started announcing a more specific announcement to prevent hijacking around 3 hours later. Kudos to Amazon's security team :-)
Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24, then how did AWS propagate a "more specific" than that?
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Wasn't 44/8 the space for AMPRNet? I looked it up and they sold part of it to Amazon. Ok. Got it. Possible that a potential highjack could be a good faith radio ham who hasn't somehow been updated on the sale of that space? Or more likely to be a malicious highjack? On 8/23/22 02:05, Siyuan Miao wrote:
Amazon was only announcing 44.224.0.0/11 <http://44.224.0.0/11> at first.
https://bgp.tools/prefix/44.235.216.0/24
On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <CAO3CAMoT9gC_Evd-CcZg06A-o_MajmLtxLHbXFnauDoMyqoSYg@mail.gmail.com>, Siyuan Miao <siyuan@misaka.io> wrote:
>Hjacking didn't last too long. AWS started announcing a more specific >announcement to prevent hijacking around 3 hours later. Kudos to Amazon's >security team :-)
Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24 <http://44.235.216.0/24>, then how did AWS propagate a "more specific" than that?
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Yeah, ARDC sold part of it to Amazon. I doubt they even had right to do so due to 44/8 was an legacy IP range.. ARIN allowed it.. All too shady. Anyway, according to AMPRnet that range was unallocated, so no active radio ham networks were at that range, so I doubt it was someone from AMPRnet. Getting parts of 44/8 reannounced by different gw than ucsd.edu is not that easy after all. ---------- Original message ---------- From: Ellenor Agnes Bjornsdottir <large.hadron.collider@gmx.com> To: nanog@nanog.org Subject: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509) Date: Tue, 30 Aug 2022 04:13:24 +0000 Wasn't 44/8 the space for AMPRNet? I looked it up and they sold part of it to Amazon. Ok. Got it. Possible that a potential highjack could be a good faith radio ham who hasn't somehow been updated on the sale of that space? Or more likely to be a malicious highjack? On 8/23/22 02:05, Siyuan Miao wrote:
Amazon was only announcing 44.224.0.0/11 <http://44.224.0.0/11> at first.
https://bgp.tools/prefix/44.235.216.0/24
On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <CAO3CAMoT9gC_Evd-CcZg06A-o_MajmLtxLHbXFnauDoMyqoSYg@mail.gmail.com>, Siyuan Miao <siyuan@misaka.io> wrote:
>Hjacking didn't last too long. AWS started announcing a more specific >announcement to prevent hijacking around 3 hours later. Kudos to Amazon's >security team :-)
Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24 <http://44.235.216.0/24>, then how did AWS propagate a "more specific" than that?
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
participants (4)
-
borg@uu3.net -
Ellenor Agnes Bjornsdottir -
Ronald F. Guilmette -
Siyuan Miao