[SANOG] Prefix hijacking, how to prevent and fix currently
sunny at apnic.net
Thu Aug 28 17:58:33 UTC 2014
If required you can also contact the RIR that allocated this AS in this case its RIPENCC.
Sent from my Windows Phone
From: Tarun Dua<mailto:lists at tarundua.net>
Sent: 29/08/2014 1:21
To: Anurag Bhatia<mailto:me at anuragbhatia.com>
Cc: SANOG<mailto:sanog at sanog.org>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix currently
We got alerted to this by spamcop as we got a large number of abuse
complaints for a lot of non-existent hosts.
In touch with our upstream providers for this as well.
On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:
> Hi Tarun
> Yeap, it seems true. The best way to get this fixed would be via AS43239
> itself and if they don't help (or if they intentionally doing it) then via
> their further upstreams.
> AS43239 contact details are here while their upstreams are here. You can
> find their list of upstreams here.
> You can always contact large upstream in the chain who is transiting the
> prefixes. If they stop, the impact will get pretty much local.
> Also, FYI I don't see that prefix visible in India from that AS43239 pretty
> much because most of networks are anyways filtering it. There's only one
> (and valid) route object for the prefix:
> Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 22.214.171.124
> route: 126.96.36.199/24
> descr: E2E Networks Cloud Routes
> origin: AS132420
> country: IN
> notify: provisioning at e2enetworks.com
> mnt-lower: MAINT-E2E-NETWORKS-IN
> mnt-routes: MAINT-E2E-NETWORKS-IN
> mnt-by: MAINT-E2E-NETWORKS-IN
> changed: provisioning at e2enetworks.com 20130603
> source: APNIC
> Anurags-MacBook-Pro:~ anurag$
> Good luck in getting it fixed!
> On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <lists at tarundua.net> wrote:
>> AS Number 43239
>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>> Has started hijacking our IPv4 prefix, while this prefix was NOT in
>> production, it worries us that it was this easy for someone to hijack
>> 188.8.131.52/22 <- This belongs to us.
>> 184.108.40.206/22 KNS Techno Integrators Pvt. Ltd.
>> 220.127.116.11/24 hydrocontrol S.C.R.L.
>> 18.104.22.168/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>> Where do we complain to get this fixed.
>> sanog mailing list
>> sanog at sanog.org
> Anurag Bhatia
> Linkedin | Twitter
> Skype: anuragbhatia.com
> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
sanog mailing list
sanog at sanog.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sanog