[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Potential Prefix Hijack
- Subject: Potential Prefix Hijack
- From: paul at blacknight.com (Paul Kelly :: Blacknight)
- Date: Tue, 11 Nov 2008 11:53:23 +0000
- In-reply-to: <[email protected]>
- References: <[email protected]>
We too saw this issue.
2008-11-11 01:56:36 GMT they took over one of our /20's ...
Paul Kelly
Technical Director
Blacknight Internet Solutions ltd
Hosting, Colocation, Dedicated servers
IP Transit Services
Tel: +353 (0) 59 9183072
Lo-call: 1850 929 929
DDI: +353 (0) 59 9183091
e-mail: paul at blacknight.ie
web: http://www.blacknight.ie
Blacknight Internet Solutions Ltd,
Unit 12A,Barrowside Business Park,
Sleaty Road,
Graiguecullen,
Carlow,
Ireland
Company No.: 370845
> -----Original Message-----
> From: Mark Tinka [mailto:mtinka at globaltransit.net]
> Sent: Tuesday, November 11, 2008 2:54 AM
> To: nanog at nanog.org
> Subject: Potential Prefix Hijack
>
> Hi all.
>
> Anyone know how we can contact AS16735 and their upstream
> AS27664. We think they are hijacking a number of our
> prefixes (AS24218- and AS17992-originated). Thanks BGPmon:
>
> e.g.,
>
> ====================
> Possible Prefix Hijack (Code: 11)
> 1 number of peer(s) detected this updates for your prefix
> 61.11.208.0/20:
> Update details: 2008-11-11 02:24 (UTC)
> 61.11.208.0/20
> Announced by: AS16735 (Companhia de Telecomunicacoes do
> Brasil Central)
> Transit AS: 27664 (CTBC Multimdia)
> ASpath: 27664 16735
> =====================
>
> RIPE's RIS BGPlay confirms the same, for about the last
> hour.
>
> E-mails to them won't get there (of course), so our NOC are
> contacting them via Gmail/Yahoo.
>
> All help appreciated.
>
> Cheers,
>
> Mark.
>