[lacnog] Prefix Hijacking
Ariel Antigua
me en arielantigua.com
Jue Dic 19 14:50:21 -02 2019
Maybe is fixed already?
I was looking for your prefix and is not in my routing table or being announced by 263774.
bird>
bird> show route where bgp_path.last = 263774 primary
138.117.78.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.78.0/23 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.79.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.76.0/23 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.76.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.76.0/22 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
138.117.77.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
170.83.126.0/23 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
170.83.126.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774?]
170.83.127.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
170.83.124.0/23 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
170.83.124.0/22 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
170.83.124.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774?]
170.83.125.0/24 via 185.1.119.40 on ens19 [t_loc_AS206499 2019-12-17 from 185.1.119.2] * (110) [AS263774i]
bird> show route where bgp_path.last = 267759 primary
bird>
.aa
From: Lucas Willian Bocchi
Sent: Thursday, December 19, 2019 12:27 PM
To: lacnog en lacnic.net
Subject: [lacnog] Prefix Hijacking
Hello.
We have entered in contact with AS263774 informing the problem but we won't provide any solution to the trouble.
Our BGP session with the AS263774 are totally down and the announces don't cease to exists. We believe that these provider hijack our announces
Thu Dec 19 16:08:16.916 UTC
BGP routing table entry for 45.167.18.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 497636789 497636789
Last Modified: Dec 19 15:36:44.535 for 00:31:32
Paths: (1 available, best #1)
Advertised IPv4 Unicast paths to peers (in unique update groups):
38.5.0.99
Path #1: Received by speaker 0
Advertised IPv4 Unicast paths to peers (in unique update groups):
38.5.0.99
3356 3549 263774 263774 267759
4.68.111.177 (metric 103030) from 38.28.1.83 (38.28.1.238)
Origin IGP, metric 4294967294, localpref 100, valid, internal, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 497636789
Community: 174:11401 174:20666 174:21100 174:22005
Originator: 38.28.1.238, Cluster list: 38.28.1.83, 38.28.1.67
How are the correct solution to the case? The NOC are already alerted about the problem but says that "all is ok on your side".
Regards.
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20191219/e0bb1fa6/attachment.html>
Más información sobre la lista de distribución LACNOG