[bdNOG] BGP Prefix hijacking

• Previous message: [bdNOG] BGP Prefix hijacking
• Next message: [bdNOG] BGP Prefix hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31/12/2015 07:31, Md. Mahbubul Alam Reyad wrote:
>
> Hi
>
> I received the following alert mail from bgpmon where one of our 
> (QUBEE) prefix (163.47.76.0/22 ) is announce by an indian ISP.  FYN 
> this IP prefix was newly acquired from APNIC and yet to be announce 
> from QUBEE (AS45951) network.
>

It looks like they're not announcing it at the moment. Here are some 
useful test sites

* http://bgp.he.net/

Search by IP address or AS number. It doesn't see anything for 
163.47.76.0/22

* Other looking glasses, e.g. telnet route-views.oregon-ix.net

This shows no route (only default) matching that address

route-views>sh ip bgp 163.47.76.0
BGP routing table entry for 0.0.0.0/0, version 8805302
Paths: (4 available, best #4, table default, RIB-failure(17))
   Not advertised to any peer
   Refresh Epoch 1
   58901 51167
     93.104.209.174 from 93.104.209.174 (93.104.209.174)
       Origin IGP, localpref 100, valid, external
       rx pathid: 0, tx pathid: 0
   Refresh Epoch 1
   58443 45177
     103.255.249.22 from 103.255.249.22 (103.255.249.250)
       Origin IGP, localpref 100, valid, external
       rx pathid: 0, tx pathid: 0
   Refresh Epoch 1
   20771 1299
     80.241.176.31 from 80.241.176.31 (80.241.176.30)
       Origin IGP, localpref 100, valid, external
       rx pathid: 0, tx pathid: 0
   Refresh Epoch 1
   58511 2764
     103.247.3.45 from 103.247.3.45 (103.247.3.45)
       Origin IGP, localpref 100, valid, external, best
       rx pathid: 0, tx pathid: 0x0
route-views>

* https://stat.ripe.net/
which will take you to
https://stat.ripe.net/widget/routing-history

This shows a full history of announcements, and I can only see that 
route being announced up to March 2012.

You could also try the older site http://bgplay.routeviews.org/ (needs 
Java I think)

So... it seems to me that if AS131788 is really announcing your route, 
it's probably being filtered before the rest of the Internet sees it. Or 
maybe it was just a temporary glitch.

I note from
http://bgp.he.net/AS131788
that it says they are also announcing bogons :-(

Regards,

Brian.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20151231/af8e1745/attachment.html>

• Previous message: [bdNOG] BGP Prefix hijacking
• Next message: [bdNOG] BGP Prefix hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]