[SANOG] Prefix hijacking, how to prevent and fix currently

Suresh Ramasubramanian suresh at hserus.net
Thu Aug 28 18:05:17 UTC 2014


https://www.robtex.com/as/as43239.html makes for interesting reading.

--srs (iPad)

> On 28-Aug-2014, at 23:28, Srinivas Chendi <sunny at apnic.net> wrote:
> 
> Hi Tarun,
> 
> If required, you can also contact the RIR that allocated this AS; in this case it's RIPE NCC.
> 
> Thanks
> Sunny
> 
> Sent from my Windows Phone
> From: Tarun Dua
> Sent: 29/08/2014 1:21
> To: Anurag Bhatia
> Cc: SANOG
> Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix currently
> 
> We got alerted to this by spamcop as we got a large number of abuse
> complaints for a lot of non-existent hosts.
> 
> In touch with our upstream providers for this as well.
> 
> -Tarun
> 
> On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:
> > Hi Tarun
> >
> >
> >
> > Yep, it seems true. The best way to get this fixed would be via AS43239
> > itself and if they don't help (or if they are intentionally doing it) then via
> > their further upstreams.
> >
> >
> > AS43239 contact details are here while their upstreams are here. You can
> > find their list of upstreams here.
> >
> > You can always contact a large upstream in the chain who is transiting the
> > prefixes. If they stop, the impact will get pretty much local.
> >
> >
> > Also, FYI, I don't see that prefix visible in India from AS43239, pretty
> > much because most networks are filtering it anyway. There's only one
> > (and valid) route object for the prefix:
> >
> > Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 103.20.212.0
> > route:          103.20.212.0/24
> > descr:          E2E Networks Cloud Routes
> > origin:         AS132420
> > country:        IN
> > notify:         provisioning at e2enetworks.com
> > mnt-lower:      MAINT-E2E-NETWORKS-IN
> > mnt-routes:     MAINT-E2E-NETWORKS-IN
> > mnt-by:         MAINT-E2E-NETWORKS-IN
> > changed:        provisioning at e2enetworks.com 20130603
> > source:         APNIC
> > Anurags-MacBook-Pro:~ anurag$
> >
> >
> > Good luck in getting it fixed!
> >
> >
> > On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <lists at tarundua.net> wrote:
> >>
> >> AS Number 43239
> >> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
> >>
> >> Has started hijacking our IPv4 prefix. While this prefix was NOT in
> >> production, it worries us that it was this easy for someone to hijack
> >> it.
> >>
> >> http://bgp.he.net/AS43239#_prefixes
> >>
> >> 103.20.212.0/22 <- This belongs to us.
> >>
> >> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
> >> 193.43.33.0/24 hydrocontrol S.C.R.L.
> >> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
> >>
> >> Where do we complain to get this fixed?
> >>
> >> -Tarun
> >> AS132420
> >> _______________________________________________
> >> sanog mailing list
> >> sanog at sanog.org
> >> https://lists.sanog.org/mailman/listinfo/sanog
> >
> >
> >
> >
> > --
> >
> >
> > Anurag Bhatia
> > anuragbhatia.com
> >
> > Linkedin | Twitter
> > Skype: anuragbhatia.com
> >
> > PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
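The route-object check discussed in the thread, as an added example that is not part of any poster's message: it parses the RADB output quoted above and compares BGP announcements against the registered origin AS. The function names and the second and third sample announcements are constructed for illustration.

```python
import ipaddress

# Route object as quoted in the thread (whois -h whois.radb.net 103.20.212.0),
# trimmed to a few attributes; only route and origin are used by the check.
RADB_OUTPUT = """\
route:          103.20.212.0/24
descr:          E2E Networks Cloud Routes
origin:         AS132420
source:         APNIC
"""

# (prefix, origin AS) pairs. The first is the announcement reported in the
# thread; the other two are constructed for contrast.
OBSERVED = [
    ("103.20.212.0/22", "AS43239"),
    ("103.20.212.0/24", "AS132420"),
    ("198.51.100.0/24", "AS64500"),
]

def parse_route_objects(text):
    """Parse RPSL 'attribute: value' lines into (network, origin) pairs."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if not line.strip():                # a blank line ends an RPSL object
            if "route" in current and "origin" in current:
                net = ipaddress.ip_network(current["route"])
                objects.append((net, current["origin"].upper()))
            current = {}
        elif not line.startswith(("%", "#", " ", "\t", "+")) and ":" in line:
            key, value = line.split(":", 1)
            current.setdefault(key.strip().lower(), value.strip())
    return objects

def classify(prefix, origin, route_objects):
    """Compare one BGP announcement against the registered route objects."""
    net, origin = ipaddress.ip_network(prefix), origin.upper()
    related = [(r, o) for r, o in route_objects
               if r.version == net.version and r.overlaps(net)]
    if not related:
        return "unregistered"        # no route object covers or is covered
    if any(r == net and o == origin for r, o in related):
        return "match"               # same prefix, same origin
    if any(o == origin for _, o in related):
        return "length-mismatch"     # registered origin, different prefix length
    return "origin-mismatch"         # overlapping space, unregistered origin

def audit(observed, route_objects):
    """Return the announcements that do not match a route object exactly."""
    results = [(p, o, classify(p, o, route_objects)) for p, o in observed]
    return [r for r in results if r[2] != "match"]
```

An "origin-mismatch" result is the case reported in the thread: address space overlapping a registered route object, announced by an AS the object does not list.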