192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956
I see the follwowing ASN transiting a leak concerning 192.208.19.0/24 originated by 4812 209 286 3320 5400 5511 6327 6461 6762 6830 8218 8220 8447 8551 9002 12956 The proper source is 32982 (Department of Energy). More details to be found here: https://bgpstream.com/event/171779 And here: http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0 Cheers, Dominik
China Telecom originating a network that belongs to the agency that controls all things nuclear in the US... nothing suspicious there. On Thu, Jan 3, 2019 at 2:03 PM Dominik Bay <db@rrbone.net> wrote:
I see the follwowing ASN transiting a leak concerning 192.208.19.0/24 originated by 4812
209 286 3320 5400 5511 6327 6461 6762 6830 8218 8220 8447 8551 9002 12956
The proper source is 32982 (Department of Energy). More details to be found here: https://bgpstream.com/event/171779 And here: http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0
Cheers, Dominik
-- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_503/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
Dear all, NTT / AS 2914 deployed explicit filters to block this BGP announcement from AS 4134. I recommend other operators to do the same. I’d also like to recommend AS 32982 to remove the AS_PATH prepend on the /24 announcement so the counter measure is more effective. Kind regards, Job On Fri, Jan 4, 2019 at 1:02 Dominik Bay <db@rrbone.net> wrote:
I see the follwowing ASN transiting a leak concerning 192.208.19.0/24 originated by 4812
209 286 3320 5400 5511 6327 6461 6762 6830 8218 8220 8447 8551 9002 12956
The proper source is 32982 (Department of Energy). More details to be found here: https://bgpstream.com/event/171779 And here: http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0
Cheers, Dominik
Thanks for your efforts in filtering and liaising with CN! This issue has been fixed by ~ 1430 UTC today.
participants (3)
-
Dominik Bay -
Jeff Shultz -
Job Snijders