[SANOG] Prefix hijacking, how to prevent and fix currently

Tarun Dua lists at tarundua.net
Sat Aug 30 15:12:11 UTC 2014


The hijacking has stopped for now.


We are going to pursue this with RIPE to try and get them to delete
the AS number from their whois DB.

Regards
-Tarun

On Fri, Aug 29, 2014 at 10:39 AM, Paul Wilson <pwilson at apnic.net> wrote:
> Tarun, good luck resolving this!
>
> The case also illustrates the need for secure routing through RPKI and secure BGP.
>
> For more info on RPKI, see www.apnic.net/rpki
>
> best,
>
> Paul
>
>
>
>
> On 29 Aug 2014, at 5:19 am, Octavio Alvarez <alvarezp at alvarezp.ods.org> wrote:
>
>> This happens more often than you think. That's why BGP prefix filtering
>> is so important.
>>
>> BGPmon [1] is a good tool to monitor BGP prefixes.
>>
>> [1] http://www.bgpmon.net/
>>
>> On 28/08/14 09:54, Tarun Dua wrote:
>>> AS Number 43239
>>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>>>
>>> Has started hijacking our IPv4 prefix, while this prefix was NOT in
>>> production, it worries us that it was this easy for someone to hijack
>>> it.
>>>
>>> http://bgp.he.net/AS43239#_prefixes
>>>
>>> 103.20.212.0/22 <- This belongs to us.
>>>
>>> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
>>> 193.43.33.0/24 hydrocontrol S.C.R.L.
>>> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>>>
>>> Where do we complain to get this fixed.
>>>
>>> -Tarun
>>> AS132420
>>> _______________________________________________
>>> sanog mailing list
>>> sanog at sanog.org
>>> https://lists.sanog.org/mailman/listinfo/sanog
>>>
>> _______________________________________________
>> sanog mailing list
>> sanog at sanog.org
>> https://lists.sanog.org/mailman/listinfo/sanog
>


More information about the sanog mailing list