Saw this as well on my blocks. Is this malicious or did someone redistribute all of bgp with bad upstream filtering?
On Wed, Apr 2, 2014 at 3:16 PM, James Laszko <jam...@mythostech.com> wrote: > I have someone from cat.net.th on the phone and he doesn't speak a lot of > English and I don't speak any Thai..... He knew what indosat was and their > AS number. He further stated he got my email (never told him who I was), > but he said he would be replying ASAP. We only had one /24 announced by > indosat. > > > James Laszko > Mythos Technology Inc > > > Sent from my iPad > > > On Apr 2, 2014, at 1:08 PM, "Bryan Tong" <cont...@nullivex.com> wrote: > > > > Another 5 of ours just got hit. > > > > Anyone have any ideas on what will be done about it? > > > > > >> On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnk...@iname.com> wrote: > >> > >> bgpmon has tweeted that "We're currently observing a large hijack event. > >> Indosat AS4761 originating many prefixes not assigned to them." > >> > >> Let's hope that AS4651 can quickly apply filters. > >> > >> Frank > >> > >> -----Original Message----- > >> From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com] > >> Sent: Wednesday, April 02, 2014 2:03 PM > >> To: Joseph Jenkins; nanog@nanog.org > >> Subject: RE: BGPMON Alert Questions > >> > >> If you contact bgpmon support you may be able to get some more in-depth > >> information. I've contacted them before with alerts like those and they > >> were able to give me specific date, time, ASN and interface information > >> about the peering points that received the announcements; that might > >> help make you present to the suspect party more likely to be acted upon. > >> > >> -----Original Message----- > >> From: Joseph Jenkins [mailto:j...@breathe-underwater.com] > >> Sent: Wednesday, April 02, 2014 2:52 PM > >> To: nanog@nanog.org > >> Subject: BGPMON Alert Questions > >> > >> So I setup BGPMON for my prefixes and got an alert about someone in > >> Thailand announcing my prefix. Everything looks fine to me and I've > >> checked a bunch of different Looking Glasses and everything announcing > >> correctly. > >> > >> I am assuming I should be contacting the provider about their > >> misconfiguration and announcing my prefixes and get them to fix it. Any > >> other recommendations? > >> > >> Is there a way I can verify what they are announcing just to make sure > >> they are still doing it? > >> > >> Here is the alert for reference: > >> > >> Your prefix: 8.37.93.0/24: > >> > >> Update time: 2014-04-02 18:26 (UTC) > >> > >> Detected by #peers: 2 > >> > >> Detected prefix: 8.37.93.0/24 > >> > >> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network > >> Provider,ID) > >> > >> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority > >> of > >> Thailand(CAT),TH) > >> > >> ASpath: 18356 9931 4651 4761 > > > > > > -- > > eSited LLC > > (701) 390-9638 > >
