[SANOG] Prefix hijacking, how to prevent and fix currently

Anurag Bhatia me at anuragbhatia.com
Thu Aug 28 17:06:59 UTC 2014

Hi Tarun

Yeap, it seems true. The best way to get this fixed would be via AS43239
itself and if they don't help (or if they intentionally doing it) then via
their further upstreams.

AS43239 contact details are here <http://bgp.he.net/AS43239#_whois> while
their upstreams are here. You can find their list of upstreams here

You can always contact large upstream in the chain who is transiting the
prefixes. If they stop, the impact will get pretty much local.

Also, FYI I don't see that prefix visible in India from that AS43239 pretty
much because most of networks are anyways filtering it. There's only one
(and valid) route object for the prefix:

Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net
descr:          E2E Networks Cloud Routes
origin:         AS132420
country:        IN
notify:         provisioning at e2enetworks.com
mnt-lower:      MAINT-E2E-NETWORKS-IN
mnt-routes:     MAINT-E2E-NETWORKS-IN
mnt-by:         MAINT-E2E-NETWORKS-IN
changed:        provisioning at e2enetworks.com 20130603
source:         APNIC
Anurags-MacBook-Pro:~ anurag$

Good luck in getting it fixed!

On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <lists at tarundua.net> wrote:

> AS Number 43239
> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
> Has started hijacking our IPv4 prefix, while this prefix was NOT in
> production, it worries us that it was this easy for someone to hijack
> it.
> http://bgp.he.net/AS43239#_prefixes
> <- This belongs to us.
> KNS Techno Integrators Pvt. Ltd.
> hydrocontrol S.C.R.L.
> TRAPIL - Societe des Transports Petroliers par Pipeline
> Where do we complain to get this fixed.
> -Tarun
> AS132420
> _______________________________________________
> sanog mailing list
> sanog at sanog.org
> https://lists.sanog.org/mailman/listinfo/sanog


Anurag Bhatia

Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
Skype: anuragbhatia.com

PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140828/e127eeee/attachment.html>

More information about the sanog mailing list