[bdNOG] BGP Prefix hijacking

Anurag Bhatia me at anuragbhatia.com
Thu Dec 31 15:29:48 BDT 2015


Dear Mahbubul




I think this is not a BGP prefix hijack, based on the AS path in the bgpmon alert.


1103 286 9002 44050 131788


Shows AS131788 is announcing to AS44050 and beyond. Except for the origin AS,
none of the other ASes belongs to any Indian telco, and I am sure AS44050 transit
is not available in India. :)

Hence, I think AS131788 has not hijacked the prefix; rather, it's a case
where an ASN has been hijacked and is being used to announce fishy routes.


http://bgp.he.net/AS131788#_graph4


Shows the relations.


Anyways, will wait to hear back from AS131788 (though I think they haven't
done any misconfig at their end).







On Thu, Dec 31, 2015 at 2:31 PM, Scott Weeks <surfer at mauigateway.com> wrote:

>
>
> On Thu, Dec 31, 2015 at 1:31 PM, Md. Mahbubul Alam Reyad
> <mahbubul.reyad at qubee.com.bd> wrote:
>
> > I received the following alert mail from bgpmon where one of our (QUBEE)
> > prefixes (163.47.76.0/22) is announced by an Indian ISP.  FYN this IP
> > prefix was newly acquired from APNIC and is yet to be announced from the
> > QUBEE (AS45951) network.
> --------------------------------
>
>
> --- kzobair at gmail.com wrote:
> From: "Md. Zobair Khan" <kzobair at gmail.com>
>
> You can send an email to that ISP querying about this possible hijack.
> Other than that, there are no big primary steps. If the ISP doesn't reply
> back to you with suitable answers, then you can communicate with their
> upstream to filter these routes from that ISP, since it is your prefix.
> ---------------------------------
>
>
>
> You could also email their upstream providers and ask
> them to properly filter their customers.  The upstream
> providers should allow the ISP to only announce the
> prefixes they're supposed to announce.
>
> scott
> >
> > _______________________________________________
> > nog mailing list
> > nog at bdnog.org
> > http://mailman.bdnog.org/mailman/listinfo/nog
> >



-- 


Anurag Bhatia
anuragbhatia.com


PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
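
The AS-path reasoning in the reply above, as an added example that is not part of the original message: it compares the observed origin with the prefix holder's AS, then checks whether the origin sits behind an upstream it is known to use. The `KNOWN_UPSTREAMS` table and the verdict names are assumptions; the upstream ASNs in it are constructed documentation values, since the thread does not list the real upstreams of AS131788.

```python
import ipaddress

# From the thread: alerted prefix, the holder's AS, and the AS path in the alert.
PREFIX = "163.47.76.0/22"
EXPECTED_ORIGIN = 45951
ALERT_PATH = "1103 286 9002 44050 131788"

# Constructed placeholder data (documentation ASNs, RFC 5398): the thread does
# not say which upstreams AS131788 really uses.
KNOWN_UPSTREAMS = {131788: {64496, 64497}}


def collapse_prepends(as_path):
    """Parse a space-separated AS path and drop consecutive duplicates (prepending)."""
    hops = []
    for token in as_path.split():
        asn = int(token)
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def classify(prefix, as_path, expected_origin, known_upstreams):
    """Return (verdict, origin, first_upstream) for one alert."""
    ipaddress.ip_network(prefix)  # raises ValueError on a malformed prefix
    hops = collapse_prepends(as_path)
    if not hops:
        raise ValueError("empty AS path")
    origin = hops[-1]                                # right-most AS originates the route
    upstream = hops[-2] if len(hops) > 1 else None   # AS the origin announced to
    if origin == expected_origin:
        return ("expected-origin", origin, upstream)
    expected_neighbours = known_upstreams.get(origin)
    if expected_neighbours is None or upstream is None:
        return ("origin-mismatch", origin, upstream)
    if upstream in expected_neighbours:
        # Wrong origin seen behind its usual upstream: a leak or misconfiguration
        # by the origin AS itself is plausible.
        return ("origin-mismatch-via-known-upstream", origin, upstream)
    # Wrong origin seen behind a neighbour it is not known to use: the origin
    # ASN itself may be forged in the path, which is the reply's argument.
    return ("origin-mismatch-via-unknown-upstream", origin, upstream)


if __name__ == "__main__":
    print(classify(PREFIX, ALERT_PATH, EXPECTED_ORIGIN, KNOWN_UPSTREAMS))
```
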