<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><a href="https://www.robtex.com/as/as43239.html">https://www.robtex.com/as/as43239.html</a> makes for interesting reading.</div><div><br></div><div>--srs (iPad)</div><div><br>On 28-Aug-2014, at 23:28, Srinivas Chendi <<a href="mailto:sunny@apnic.net">sunny@apnic.net</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<div>
<div>
<div style="font-family:Calibri,sans-serif; font-size:11pt">Hi Tarun,<br>
<br>
If required you can also contact the RIR that allocated this AS in this case its RIPENCC.<br>
<br>
Thanks<br>
Sunny<br>
<br>
Sent from my Windows Phone</div>
</div>
<div dir="ltr">
<hr>
<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">From:
</span><span style="font-family:Calibri,sans-serif; font-size:11pt"><a href="mailto:lists@tarundua.net">Tarun Dua</a></span><br>
<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">Sent:
</span><span style="font-family:Calibri,sans-serif; font-size:11pt">29/08/2014 1:21</span><br>
<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">To:
</span><span style="font-family:Calibri,sans-serif; font-size:11pt"><a href="mailto:me@anuragbhatia.com">Anurag Bhatia</a></span><br>
<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">Cc:
</span><span style="font-family:Calibri,sans-serif; font-size:11pt"><a href="mailto:sanog@sanog.org">SANOG</a></span><br>
<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">Subject:
</span><span style="font-family:Calibri,sans-serif; font-size:11pt">Re: [SANOG] Prefix hijacking, how to prevent and fix currently</span><br>
<br>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">We got alerted to this by spamcop as we got a large number of abuse<br>
complaints for a lot of non-existent hosts.<br>
<br>
In touch with our upstream providers for this as well.<br>
<br>
-Tarun<br>
<br>
On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <<a href="mailto:me@anuragbhatia.com">me@anuragbhatia.com</a>> wrote:<br>
> Hi Tarun<br>
><br>
><br>
><br>
> Yeap, it seems true. The best way to get this fixed would be via AS43239<br>
> itself and if they don't help (or if they intentionally doing it) then via<br>
> their further upstreams.<br>
><br>
><br>
> AS43239 contact details are here while their upstreams are here. You can<br>
> find their list of upstreams here.<br>
><br>
> You can always contact large upstream in the chain who is transiting the<br>
> prefixes. If they stop, the impact will get pretty much local.<br>
><br>
><br>
> Also, FYI I don't see that prefix visible in India from that AS43239 pretty<br>
> much because most of networks are anyways filtering it. There's only one<br>
> (and valid) route object for the prefix:<br>
><br>
> Anurags-MacBook-Pro:~ anurag$ whois -h <a href="http://whois.radb.net">whois.radb.net</a> 103.20.212.0<br>
> route: 103.20.212.0/24<br>
> descr: E2E Networks Cloud Routes<br>
> origin: AS132420<br>
> country: IN<br>
> notify: <a href="mailto:provisioning@e2enetworks.com">provisioning@e2enetworks.com</a><br>
> mnt-lower: MAINT-E2E-NETWORKS-IN<br>
> mnt-routes: MAINT-E2E-NETWORKS-IN<br>
> mnt-by: MAINT-E2E-NETWORKS-IN<br>
> changed: <a href="mailto:provisioning@e2enetworks.com">provisioning@e2enetworks.com</a> 20130603<br>
> source: APNIC<br>
> Anurags-MacBook-Pro:~ anurag$<br>
><br>
><br>
> Good luck in getting it fixed!<br>
><br>
><br>
> On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <<a href="mailto:lists@tarundua.net">lists@tarundua.net</a>> wrote:<br>
>><br>
>> AS Number 43239<br>
>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.<br>
>><br>
>> Has started hijacking our IPv4 prefix, while this prefix was NOT in<br>
>> production, it worries us that it was this easy for someone to hijack<br>
>> it.<br>
>><br>
>> <a href="http://bgp.he.net/AS43239#_prefixes">http://bgp.he.net/AS43239#_prefixes</a><br>
>><br>
>> 103.20.212.0/22 <- This belongs to us.<br>
>><br>
>> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.<br>
>> 193.43.33.0/24 hydrocontrol S.C.R.L.<br>
>> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline<br>
>><br>
>> Where do we complain to get this fixed.<br>
>><br>
>> -Tarun<br>
>> AS132420<br>
>> _______________________________________________<br>
>> sanog mailing list<br>
>> <a href="mailto:sanog@sanog.org">sanog@sanog.org</a><br>
>> <a href="https://lists.sanog.org/mailman/listinfo/sanog">https://lists.sanog.org/mailman/listinfo/sanog</a><br>
><br>
><br>
><br>
><br>
> --<br>
><br>
><br>
> Anurag Bhatia<br>
> <a href="http://anuragbhatia.com">anuragbhatia.com</a><br>
><br>
> Linkedin | Twitter<br>
> Skype: <a href="http://anuragbhatia.com">anuragbhatia.com</a><br>
><br>
> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2<br>
_______________________________________________<br>
sanog mailing list<br>
<a href="mailto:sanog@sanog.org">sanog@sanog.org</a><br>
<a href="https://lists.sanog.org/mailman/listinfo/sanog">https://lists.sanog.org/mailman/listinfo/sanog</a><br>
</div>
</span></font>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>sanog mailing list</span><br><span><a href="mailto:sanog@sanog.org">sanog@sanog.org</a></span><br><span><a href="https://lists.sanog.org/mailman/listinfo/sanog">https://lists.sanog.org/mailman/listinfo/sanog</a></span></div></blockquote></body></html>