[SANOG] Prefix hijacking, how to prevent and fix currently

Tarun Dua lists at tarundua.net
Thu Aug 28 17:21:31 UTC 2014


We got alerted to this by spamcop as we got a large number of abuse
complaints for a lot of non-existent hosts.

In touch with our upstream providers for this as well.

-Tarun

On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:
> Hi Tarun
>
>
>
> Yep, it seems true. The best way to get this fixed would be via AS43239
> itself and if they don't help (or if they are intentionally doing it) then via
> their further upstreams.
>
>
> AS43239 contact details are here while their upstreams are here. You can
> find their list of upstreams here.
>
> You can always contact a large upstream in the chain who is transiting the
> prefixes. If they stop, the impact will get pretty much local.
>
>
> Also, FYI I don't see that prefix visible in India from that AS43239, pretty
> much because most networks are filtering it anyway. There's only one
> (and valid) route object for the prefix:
>
> Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 103.20.212.0
> route:          103.20.212.0/24
> descr:          E2E Networks Cloud Routes
> origin:         AS132420
> country:        IN
> notify:         provisioning at e2enetworks.com
> mnt-lower:      MAINT-E2E-NETWORKS-IN
> mnt-routes:     MAINT-E2E-NETWORKS-IN
> mnt-by:         MAINT-E2E-NETWORKS-IN
> changed:        provisioning at e2enetworks.com 20130603
> source:         APNIC
> Anurags-MacBook-Pro:~ anurag$
>
>
> Good luck in getting it fixed!
>
>
> On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <lists at tarundua.net> wrote:
>>
>> AS Number 43239
>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>>
>> Has started hijacking our IPv4 prefix. While this prefix was NOT in
>> production, it worries us that it was this easy for someone to hijack
>> it.
>>
>> http://bgp.he.net/AS43239#_prefixes
>>
>> 103.20.212.0/22 <- This belongs to us.
>>
>> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
>> 193.43.33.0/24 hydrocontrol S.C.R.L.
>> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>>
>> Where do we complain to get this fixed?
>>
>> -Tarun
>> AS132420
>
>
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>
> Linkedin | Twitter
> Skype: anuragbhatia.com
>
> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
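
The origin check done by hand with whois in the quoted reply can be automated. The following is an added example, not part of the original thread: it parses RPSL route objects and classifies observed announcements by origin AS. The route object is trimmed from the whois output quoted above; the announcement list, the function names and the overlap-based matching rule are assumptions made for illustration.

```python
import ipaddress

# Route object trimmed from the whois output quoted in the thread.
WHOIS_OUTPUT = """\
route:          103.20.212.0/24
descr:          E2E Networks Cloud Routes
origin:         AS132420
source:         APNIC
"""

# Constructed sample of observed announcements (prefix, origin AS). The first
# pairing is the one reported in the thread; the other two are illustrative.
OBSERVED = [
    ("103.20.212.0/22", "AS43239"),
    ("103.20.212.0/24", "AS132420"),
    ("192.0.2.0/24", "AS64500"),
]

def parse_route_objects(text):
    """Parse blank-line-separated RPSL objects into (network, origin) pairs."""
    routes = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue  # skip whois comments and malformed lines
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"])
            routes.append((net, attrs["origin"].upper()))
    return routes

def classify(prefix, origin, routes):
    """Return 'ok', 'origin-mismatch' or 'unregistered' for one announcement."""
    net = ipaddress.ip_network(prefix)
    # Assumption: any overlap (covering or more-specific) counts as related,
    # which is looser than exact-match IRR filtering.
    related = [o for r, o in routes if r.version == net.version and r.overlaps(net)]
    if not related:
        return "unregistered"
    return "ok" if origin.upper() in related else "origin-mismatch"

def find_alerts(observed, routes):
    """Return (prefix, origin, verdict) for every announcement that is not 'ok'."""
    verdicts = [(p, o, classify(p, o, routes)) for p, o in observed]
    return [v for v in verdicts if v[2] != "ok"]

if __name__ == "__main__":
    for prefix, origin, verdict in find_alerts(OBSERVED, parse_route_objects(WHOIS_OUTPUT)):
        print(f"{verdict}: {prefix} announced by {origin}")
```
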

