Many/most transit providers filter prefixes longer than /24, so the effectiveness may be minimal.
At the very least I'd advertise /24s yourself because if the forger is geographically further away, some local sites may still work. Better than nothing. On Tue, Jan 31, 2012 at 11:19 AM, Grant Ridder <shortdudey...@gmail.com>wrote: > Hi, > > What is keeping you from advertising a more specific route (i.e /25's)? > > -Grant > > On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams <kwilli...@altuscgi.com > >wrote: > > > Greetings all. > > > > We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek > Internet > > Exchange) immediately filter out network blocks that are being advertised > > by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA. > > > > The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and > > 68.66.112.0/20 are registered in various IRRs all as having an origin AS > > 11325 (ours), and are directly allocated to us. > > > > The malicious hijacking is being announced as /24s therefore making route > > selection pick them. > > > > Our customers and services have been impaired. Does anyone have any > > contacts for anyone at Cavecreek that would actually take a look at ARINs > > WHOIS, and IRRs so the networks can be restored and our services back in > > operation? > > > > Additionally, does anyone have any suggestion for mitigating in the > > interim? Since we can't announce as /25s and IRRs are apparently a pipe > > dream. > > > > -- > > Kelvin Williams > > Sr. Service Delivery Engineer > > Broadband & Carrier Services > > Altus Communications Group, Inc. > > > > > > "If you only have a hammer, you tend to see every problem as a nail." -- > > Abraham Maslow > > >
