Re: Hijacked Network Ranges

[Keegan Holley <keegan.holley () sungard com>]

2012/1/31 Justin M. Streiner <streiner () cluebyfour org>

> On Tue, 31 Jan 2012, Grant Ridder wrote:
>
>  What is keeping you from advertising a more specific route (i.e /25's)?
> >
>
> Many providers filter out anything longer (smaller) than /24.

Some will accept it but not propagate it upstream.  This may be useful in
redirecting all the traffic from a large AS if you are directly connected.


> jms
>
>
>  On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams <kwilliams () altuscgi com
> > > wrote:
> >
> >  Greetings all.
> > > We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek
> > > Internet
> > > Exchange) immediately filter out network blocks that are being advertised
> > > by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
> > >
> > > The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
> > > 68.66.112.0/20 are registered in various IRRs all as having an origin AS
> > > 11325 (ours), and are directly allocated to us.
> > >
> > > The malicious hijacking is being announced as /24s therefore making route
> > > selection pick them.
> > >
> > > Our customers and services have been impaired.  Does anyone have any
> > > contacts for anyone at Cavecreek that would actually take a look at ARINs
> > > WHOIS, and IRRs so the networks can be restored and our services back in
> > > operation?
> > >
> > > Additionally, does anyone have any suggestion for mitigating in the
> > > interim?  Since we can't announce as /25s and IRRs are apparently a pipe
> > > dream.
> > >
> > > --
> > > Kelvin Williams
> > > Sr. Service Delivery Engineer
> > > Broadband & Carrier Services
> > > Altus Communications Group, Inc.
> > >
> > >
> > > "If you only have a hammer, you tend to see every problem as a nail." --
> > > Abraham Maslow