[SANOG] Prefix hijacking, how to prevent and fix currently
Srinivas Chendi
sunny at apnic.net
Thu Aug 28 17:58:33 UTC 2014
Hi Tarun,
If required you can also contact the RIR that allocated this AS in this case its RIPENCC.
Thanks
Sunny
Sent from my Windows Phone
________________________________
From: Tarun Dua<mailto:lists at tarundua.net>
Sent: 29/08/2014 1:21
To: Anurag Bhatia<mailto:me at anuragbhatia.com>
Cc: SANOG<mailto:sanog at sanog.org>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix currently
We got alerted to this by spamcop as we got a large number of abuse
complaints for a lot of non-existent hosts.
In touch with our upstream providers for this as well.
-Tarun
On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:
> Hi Tarun
>
>
>
> Yeap, it seems true. The best way to get this fixed would be via AS43239
> itself and if they don't help (or if they intentionally doing it) then via
> their further upstreams.
>
>
> AS43239 contact details are here while their upstreams are here. You can
> find their list of upstreams here.
>
> You can always contact large upstream in the chain who is transiting the
> prefixes. If they stop, the impact will get pretty much local.
>
>
> Also, FYI I don't see that prefix visible in India from that AS43239 pretty
> much because most of networks are anyways filtering it. There's only one
> (and valid) route object for the prefix:
>
> Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 103.20.212.0
> route: 103.20.212.0/24
> descr: E2E Networks Cloud Routes
> origin: AS132420
> country: IN
> notify: provisioning at e2enetworks.com
> mnt-lower: MAINT-E2E-NETWORKS-IN
> mnt-routes: MAINT-E2E-NETWORKS-IN
> mnt-by: MAINT-E2E-NETWORKS-IN
> changed: provisioning at e2enetworks.com 20130603
> source: APNIC
> Anurags-MacBook-Pro:~ anurag$
>
>
> Good luck in getting it fixed!
>
>
> On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <lists at tarundua.net> wrote:
>>
>> AS Number 43239
>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>>
>> Has started hijacking our IPv4 prefix, while this prefix was NOT in
>> production, it worries us that it was this easy for someone to hijack
>> it.
>>
>> http://bgp.he.net/AS43239#_prefixes
>>
>> 103.20.212.0/22 <- This belongs to us.
>>
>> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
>> 193.43.33.0/24 hydrocontrol S.C.R.L.
>> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>>
>> Where do we complain to get this fixed.
>>
>> -Tarun
>> AS132420
>> _______________________________________________
>> sanog mailing list
>> sanog at sanog.org
>> https://lists.sanog.org/mailman/listinfo/sanog
>
>
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>
> Linkedin | Twitter
> Skype: anuragbhatia.com
>
> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
_______________________________________________
sanog mailing list
sanog at sanog.org
https://lists.sanog.org/mailman/listinfo/sanog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140828/44854a6b/attachment-0001.html>
More information about the sanog
mailing list