[bdNOG] BGP Prefix hijacking
Scott Weeks
surfer at mauigateway.com
Thu Dec 31 15:25:59 BDT 2015
--- mahbubul.reyad at qubee.com.bd wrote:
From: "Md. Mahbubul Alam Reyad" <mahbubul.reyad at qubee.com.bd>
I received the following alert mail from bgpmon where one of
our (QUBEE) prefix (163.47.76.0/22 ) is announce by an indian
ISP. FYN this IP prefix was newly acquired from APNIC and yet
to be announce from QUBEE (AS45951) network.
====================================================================
RPKI Validation Failed (Code: 9)
====================================================================
Your prefix: 163.47.76.0/22:
RPKI Status: ROA validation failed: Invalid Origin ASN, expected 45951
====================================================================
Withdraw of Prefix (Code: 97)
====================================================================
-----------------------------------------------------------
I am weak at RPKI, but I don't see it announced. The message
seem to say that it's withdrawn and I don't see it in route
servers:
telnet://route-server.eu.gblx.net
route-server.ams2>sho ip bgp | inc 163.47
* i163.47.68.0/22 67.16.147.121 100 200 0 3356 6453 7545 2764 17907 i
* i163.47.72.0/22 67.16.147.121 50 200 0 2914 38809 38719 i
* i163.47.80.0/22 67.16.147.121 50 200 0 2914 132602 i
telnet://route-views.on.bb.telus.com
*> 163.47.72.0/22 154.11.63.85 0 852 7473 7474 38809 38719 i
*> 163.47.80.0/22 154.11.63.85 0 852 2914 23456 i
*> 163.47.84.0/24 154.11.63.85 0 852 9498 58717 38592 i
scott
_______________________________________________
nog mailing list
nog at bdnog.org
http://mailman.bdnog.org/mailman/listinfo/nog
More information about the nog
mailing list