[bdNOG] BGP Prefix hijacking

Md. Mahbubul Alam Reyad mahbubul.reyad at qubee.com.bd
Thu Dec 31 14:49:04 BDT 2015


Hi Zobair Bhai

Thanks. Yes, same has been sent to that ISP and waiting for their respond.

Sincerely Yours
-------------------------------------------------------
Md. Mahbubul Alam Reyad
Assistant Manager
CORE-IP Network || Technology
Cell: +880 1976672281 || Skype: new_reyad
www.qubee.com.bd<http://www.qubee.com.bd/>
T +88 02 8812113 || F +88 02 8812115
[Description: Description: logo-02]


From: Md. Zobair Khan [mailto:kzobair at gmail.com]
Sent: Thursday, December 31, 2015 2:29 PM
To: Md. Mahbubul Alam Reyad
Cc: nog at bdnog.org
Subject: Re: [bdNOG] BGP Prefix hijacking

Hi Reyad Vai,


You can send an email to that ISP querying about this possible hijack. Other than that, there is no big primary steps. If the ISP doesn't reply you back with suitable answers, then you can communicate with their upstream to filter these routes from that ISP, since it is your prefix.


BR
Zobair



On Thu, Dec 31, 2015 at 1:31 PM, Md. Mahbubul Alam Reyad <mahbubul.reyad at qubee.com.bd<mailto:mahbubul.reyad at qubee.com.bd>> wrote:
Hi

I received the following alert mail from bgpmon where one of our (QUBEE) prefix (163.47.76.0/22<http://163.47.76.0/22> ) is announce by an indian ISP.  FYN this IP prefix was newly acquired from APNIC and yet to be announce from QUBEE (AS45951) network.

====================================================================
RPKI Validation Failed (Code: 9)
====================================================================
Your prefix:          163.47.76.0/22<http://163.47.76.0/22>:
Prefix Description:   Augere BD IP Prefix
Update time:          2015-12-31 03:14 (UTC)
Detected by #peers:   41
Detected prefix:      163.47.76.0/22<http://163.47.76.0/22>
Announced by:         AS131788 (FUTURINT-IN --  FUTURISTIC INTERNET SERVICES PRIVATE LIMITED)
Upstream AS:          AS44050 (Petersburg Internet Network ltd.)
ASpath:               1103 286 9002 44050 131788
Alert details:        https://portal.bgpmon.net/alerts.php?details&alert_id=58623617
Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=58623617
RPKI Status:          ROA validation failed: Invalid Origin ASN, expected 45951

====================================================================
Withdraw of Prefix (Code: 97)
====================================================================
Your prefix:          163.47.76.0/22<http://163.47.76.0/22>:
Prefix Description:   Augere BD IP Prefix
Update time:          2015-12-31 03:14 (UTC)
Detected by #peers:   46
Detected prefix:      163.47.76.0/22<http://163.47.76.0/22>

May be the upstreams of that ISP are not validating RPKI. What measure should I take for this?

Sincerely Yours
-------------------------------------------------------
Md. Mahbubul Alam Reyad
Assistant Manager
CORE-IP Network || Technology
Cell: +880 1976672281<tel:%2B880%201976672281> || Skype: new_reyad
www.qubee.com.bd<http://www.qubee.com.bd/>
T +88 02 8812113<tel:%2B88%2002%208812113> || F +88 02 8812115<tel:%2B88%2002%208812115>
[Description: Description: logo-02]



_______________________________________________
nog mailing list
nog at bdnog.org<mailto:nog at bdnog.org>
http://mailman.bdnog.org/mailman/listinfo/nog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20151231/0a12d0e7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1750 bytes
Desc: image001.jpg
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20151231/0a12d0e7/attachment-0001.jpg>


More information about the nog mailing list