Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

Since it’s come up on the list and we haven’t given a public update recently, I thought I’d just write a quick note on the state of INOC-DBA. For those who aren’t familiar with it, INOC-DBA is a SIP-based hotline communications system between NOCs and CERTs: https://www.pch.net/services

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

On 30/09/2015, at 6:19 AM, Matthew Walster wrote: > ​"lolz" as the kids say.​ Current stats indicate it's actually only the old-timers that say lolz now days! ;) http://www.huffingtonpost.com/entry/facebook-study-laughter_55c8b148e4b0f1cbf1e5857e Pete

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

We have a big, red rotary phone that sits in our NOC that we have attached to a VoIP box just to use for that. :) On 9/29/2015 10:05 AM, Bob Evans wrote: Nice of you to check Jim. This brings up the old idea - A long time ago I had an INOC phone by PCH.NET - It never rang, as we filter our outb

Re: Prefix hijacking by AS20115

On Tue, Sep 29, 2015 at 1:29 PM, N M wrote: > If this is anything like what I deal with the aging timer for the bgp > session is set to 180s by default. After 2 years I've been unable to get > the charter noc to enable bfd on my links to address this issue because bfd brings it's own special sor

Re: Prefix hijacking by AS20115

If this is anything like what I deal with the aging timer for the bgp session is set to 180s by default. After 2 years I've been unable to get the charter noc to enable bfd on my links to address this issue On Sep 29, 2015 10:59 AM, "Seth Mattinen" wrote: > On 9/29/15 8:18 AM, Rampley Jr, Jim F

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

On 29 September 2015 at 17:13, Bob Evans wrote: > Neils, do you actually work at in a NOC operation with BGP operations and > policies you can change - a backbone with customers? ​"lolz" as the kids say.​ > SayAn email/ text might work well or even better than SIP - if we had > an APP th

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

Neils, do you actually work at in a NOC operation with BGP operations and policies you can change - a backbone with customers? If not - I would understand why email is fast enough for you. Maybe SIP iNOC phone isn't the right answer - but it seems to work fine everywhere I go. There just has to be

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

Well, there *is* outa...@outages.org... :-) - Original Message - > From: "Royce Williams" > To: nanog@nanog.org > Sent: Tuesday, September 29, 2015 11:31:54 AM > Subject: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115 > On Tue, Sep 29, 2015

Re: Prefix hijacking by AS20115

On 9/29/15 8:18 AM, Rampley Jr, Jim F wrote: > This issue was caused by a hung BGP process which was resolved last night. Nothing nefarious. No static configuration nailed up, no BGP highjacking purposely done. ;) Is there a Cisco bug ID? ~Seth

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

* j...@baylink.com (Jay Ashworth) [Tue 29 Sep 2015, 17:31 CEST]: The idea of a private tieline network that is connected, by SIP, to a line appearance in the NOC of each AS, and no one else is on it, seems like a fine idea to me. Until you take into account that SIP doesn't work through many fi

Re: Prefix hijacking by AS20115

On Sep 28, 2015, at 11:59 PM, Bob Evans wrote: > > Would be nice if our membership organization ARIN ( that we all pay to > keep us somewhat organized) had an ability to do something for you I > never looked into it...i don't knowmaybe it does ? > No one else has said this, so… RPKI.

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

On Tue 2015-Sep-29 11:19:57 -0400, Jay Ashworth wrote: : Show of hands: who has it set up, correctly, right now? I had this in my to-do, and this thread poked me again to get on with it. Sadly, https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=new_account gives me: Account sign u

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

On Tue, Sep 29, 2015 at 7:12 AM, Job Snijders wrote: > > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: > > This seems like a very good proper civil approach - maybe this or > > something like it ARIN might help promote and endorse as a benefit to > > the community ? Be nic

Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

rrectly, right now? - Original Message - > From: "Job Snijders" > To: "Bob Evans" > Cc: nanog@nanog.org > Sent: Tuesday, September 29, 2015 11:12:43 AM > Subject: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115 > Hi Bob, >

Re: Prefix hijacking by AS20115

On 9/29/15, 9:49 AM, "Seth Mattinen" wrote: >On 9/29/15 7:26 AM, Rampley Jr, Jim F wrote: >> >> >> On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen" >> wrote: >> >>> On 9/28/15 20:19, Martin Hannigan wrote: Is this related to 104.73.161.0/24? That's ours. :-) We'll ta

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

I have actually found this NANOG email to be more effective than a chat or mombook public service. We need something more private like that. Thank You Bob Evans CTO > A friend is not someone that allows their company to hijack your prefixes. > A friend is one that can get it to stop. Dude - wa

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

A friend is not someone that allows their company to hijack your prefixes. A friend is one that can get it to stop. Dude - wake up and drink some coffee. Thank You Bob Evans CTO > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: >> This seems like a very good proper civil

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

Hi Bob, On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: > This seems like a very good proper civil approach - maybe this or > something like it ARIN might help promote and endorse as a benefit to > the community ? Be nice if with the cash they did something simple > like this and got al

PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

Nice of you to check Jim. This brings up the old idea - A long time ago I had an INOC phone by PCH.NET - It never rang, as we filter our outbound with detail everywhere we announce. ISPs need to provide us their address list. And the few times I needed to use it , no one ever answered. ( It was a

Re: Prefix hijacking by AS20115

On 9/29/15 7:26 AM, Rampley Jr, Jim F wrote: On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen" wrote: On 9/28/15 20:19, Martin Hannigan wrote: Is this related to 104.73.161.0/24? That's ours. :-) We'll take a look and get back to you. Thanks for caring! Yep, that's one of the

Re: Prefix hijacking by AS20115

On 29/Sep/15 16:26, Rampley Jr, Jim F wrote: > > Hi Seth, which market was this occurring? Was this already removed? I'm > not seeing it this morning. I would like to figure out what went wrong > here. We shouldn't be nailing up any static configuration to have caused > a situation like this

Re: Prefix hijacking by AS20115

On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen" wrote: >On 9/28/15 20:19, Martin Hannigan wrote: >> >>Is this related to 104.73.161.0/24? That's ours. :-) >> >>We'll take a look and get back to you. Thanks for caring! >> > > >Yep, that's one of the affected prefixes. > >~Seth Hi Seth,

Re: Prefix hijacking by AS20115

On Tue, Sep 29, 2015 at 2:04 AM, Bob Evans wrote: > > >> On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans >> wrote: >>> That's something I would do. Announce announce and keep adding ports >>> until >>> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in >>> a >>> blackhole route f

Re: Prefix hijacking by AS20115

> On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans > wrote: >> That's something I would do. Announce announce and keep adding ports >> until >> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in >> a >> blackhole route for the prefixes. Try to pick blocks that are as >> geographi

Re: Prefix hijacking by AS20115

On Mon, 28 Sep 2015, Seth Mattinen wrote: I'm at the tail end here almost 8 hours later since the hijacking started. Their NOC is just blowing me off now and they're happy to continue the hijacking until it's convenient for them to have a maintenance window. And that's apparently the final deci

RE: Prefix hijacking by AS20115

anog@nanog.org] Subject: Re: Prefix hijacking by AS20115 +1, this is the only sensible advice here. NSPs actually do seem to care about not letting things like these happen. On 2015/09/29 01:24 PM, Hank Nussbacher wrote: > At 23:11 28/09/2015 -0400, Josh Luthman wrote: > >> Start

Re: Prefix hijacking by AS20115

+1, this is the only sensible advice here. NSPs actually do seem to care about not letting things like these happen. On 2015/09/29 01:24 PM, Hank Nussbacher wrote: At 23:11 28/09/2015 -0400, Josh Luthman wrote: Start announcing their prefixes? Contact the upstreams of AS20115 - Cogent, Leve

Re: Prefix hijacking by AS20115

On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans wrote: > That's something I would do. Announce announce and keep adding ports until > I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a > blackhole route for the prefixes. Try to pick blocks that are as > geographically located t

Re: Prefix hijacking by AS20115

At 23:11 28/09/2015 -0400, Josh Luthman wrote: Start announcing their prefixes? Contact the upstreams of AS20115 - Cogent, Level3, HE and XO. -Hank Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sep 28, 2015 11:09 PM, "Seth Mattinen" wrot

Re: Prefix hijacking by AS20115

That's something I would do. Announce announce and keep adding ports until I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a blackhole route for the prefixes. Try to pick blocks that are as geographically located to your peering routers as possible ...IE in Reno pick the blo

Re: Prefix hijacking by AS20115

On 9/28/15 20:19, Martin Hannigan wrote: Is this related to 104.73.161.0/24? That's ours. :-) We'll take a look and get back to you. Thanks for caring! Yep, that's one of the affected prefixes. ~Seth

Re: Prefix hijacking by AS20115

Is this related to 104.73.161.0/24? That's ours. :-) We'll take a look and get back to you. Thanks for caring! Best, Marty > On Sep 28, 2015, at 23:08, Seth Mattinen wrote: > >> On 9/28/15 18:30, William Herrin wrote: >>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen wrote: >>> I've go

Re: Prefix hijacking by AS20115

Start announcing their prefixes? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sep 28, 2015 11:09 PM, "Seth Mattinen" wrote: > On 9/28/15 18:30, William Herrin wrote: > >> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen >> wrote: >> >>> I've go

Re: Prefix hijacking by AS20115

On 9/28/15 18:30, William Herrin wrote: On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen wrote: I've got a problem where AS20115 continues to announce prefixes after BGP neighbors were shutdown. They claim it's a wedged BGP process but aren't in any hurry to fix it outside of a maintenance window

Re: Prefix hijacking by AS20115

On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen wrote: > I've got a problem where AS20115 continues to announce prefixes after BGP > neighbors were shutdown. They claim it's a wedged BGP process but aren't in > any hurry to fix it outside of a maintenance window. If they weren't lying to you, they

Prefix hijacking by AS20115

I've got a problem where AS20115 continues to announce prefixes after BGP neighbors were shutdown. They claim it's a wedged BGP process but aren't in any hurry to fix it outside of a maintenance window. I'm at a loss of what else I can do. They admit the problem but won't take action saying it