[bdNOG] BGP Prefix hijacking

Md. Zobair Khan kzobair at gmail.com
Thu Dec 31 14:29:15 BDT 2015


Hi Reyad Vai,


You can send an email to that ISP querying about this possible hijack.
Other than that, there are no big primary steps. If the ISP doesn't reply
back to you with suitable answers, then you can communicate with their
upstream to filter these routes from that ISP, since it is your prefix.


BR
Zobair



On Thu, Dec 31, 2015 at 1:31 PM, Md. Mahbubul Alam Reyad <
mahbubul.reyad at qubee.com.bd> wrote:

> Hi
>
>
>
> I received the following alert mail from bgpmon where one of our (QUBEE)
> prefixes (163.47.76.0/22) is announced by an Indian ISP. FYI, this IP
> prefix was newly acquired from APNIC and is yet to be announced from the
> QUBEE (AS45951) network.
>
>
>
> ====================================================================
>
> RPKI Validation Failed (Code: 9)
>
> ====================================================================
>
> Your prefix:          163.47.76.0/22:
>
> Prefix Description:   Augere BD IP Prefix
>
> Update time:          2015-12-31 03:14 (UTC)
>
> Detected by #peers:   41
>
> Detected prefix:      163.47.76.0/22
>
> Announced by:         AS131788 (FUTURINT-IN --  FUTURISTIC INTERNET
> SERVICES PRIVATE LIMITED)
>
> Upstream AS:          AS44050 (Petersburg Internet Network ltd.)
>
> ASpath:               1103 286 9002 44050 131788
>
> Alert details:
> https://portal.bgpmon.net/alerts.php?details&alert_id=58623617
>
> Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=58623617
>
> RPKI Status:          ROA validation failed: Invalid Origin ASN, expected
> 45951
>
>
>
> ====================================================================
>
> Withdraw of Prefix (Code: 97)
>
> ====================================================================
>
> Your prefix:          163.47.76.0/22:
>
> Prefix Description:   Augere BD IP Prefix
>
> Update time:          2015-12-31 03:14 (UTC)
>
> Detected by #peers:   46
>
> Detected prefix:      163.47.76.0/22
>
>
>
> Maybe the upstreams of that ISP are not validating RPKI. What measure
> should I take for this?
>
>
>
> Sincerely Yours
>
> -------------------------------------------------------
>
> Md. Mahbubul Alam *Reyad*
>
> Assistant Manager
>
> CORE-IP Network || Technology
>
> Cell: +880 1976672281 || Skype: new_reyad
>
> www.qubee.com.bd
>
> T +88 02 8812113 || F +88 02 8812115
>
>
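The check behind the alert's "Invalid Origin ASN" status, as an added example that is not part of the original thread: route origin validation in the style of RFC 6811, run on the prefix, AS path and expected origin taken from the bgpmon alert. The ROA maxLength of 22 and all function and class names are assumptions, since the alert only states the expected origin AS.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # prefix authorised by the ROA
    max_length: int   # longest prefix length the origin may announce
    asn: int          # authorised origin AS


def origin_of(as_path: str) -> int:
    """Origin AS is the right-most ASN of a plain AS path (no AS_SET handling)."""
    return int(as_path.split()[-1])


def validate_origin(prefix: str, origin_asn: int, roas: list) -> tuple:
    """Return (state, reason), state being Valid, Invalid or NotFound."""
    route = ipaddress.ip_network(prefix)
    # A ROA covers the route when the route sits inside the ROA prefix.
    covering = [
        r for r in roas
        if ipaddress.ip_network(r.prefix).version == route.version
        and route.subnet_of(ipaddress.ip_network(r.prefix))
    ]
    if not covering:
        return "NotFound", "no covering ROA"
    for r in covering:
        # AS0 ROAs never validate a route; they only make it Invalid.
        if r.asn == origin_asn and r.asn != 0 and route.prefixlen <= r.max_length:
            return "Valid", f"matches ROA {r.prefix}-{r.max_length} AS{r.asn}"
    if any(r.asn == origin_asn for r in covering):
        return "Invalid", "prefix length exceeds maxLength"
    expected = ", ".join(str(a) for a in sorted({r.asn for r in covering}))
    return "Invalid", f"invalid origin ASN, expected {expected}"


# Constructed ROA set: origin AS45951 is from the alert, maxLength 22 is assumed.
ROAS = [ROA("163.47.76.0/22", 22, 45951)]
# Prefix and AS path exactly as reported in the alert.
ALERT_PREFIX = "163.47.76.0/22"
ALERT_ASPATH = "1103 286 9002 44050 131788"

if __name__ == "__main__":
    print(validate_origin(ALERT_PREFIX, origin_of(ALERT_ASPATH), ROAS))
    print(validate_origin(ALERT_PREFIX, 45951, ROAS))
    # A more-specific from the legitimate origin is also Invalid under maxLength 22.
    print(validate_origin("163.47.76.0/24", 45951, ROAS))
```

A network that drops routes in the Invalid state would reject the AS131788 announcement; one that does not validate accepts it, which is the situation raised in the question above.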