[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Potential Prefix Hijack

Subject: Potential Prefix Hijack
From: ml at t-b-o-h.net (Tuc at T-B-O-H.NET)
Date: Tue, 11 Nov 2008 07:00:44 -0500 (EST)
In-reply-to: <[email protected]>

> 
>       On Tue, 11 Nov 2008, Mark Tinka wrote:
>     > Anyone know how we can contact AS16735 and their upstream 
>     > AS27664. We think they are hijacking a number of our 
>     > prefixes (AS24218- and AS17992-originated).
> 
> Have you tried CERT-BR?  Uh...  I was about to say "they're usually very 
> responsive, and good at coordinating this sort of thing."  And then their 
> web site failed to load, because the prefix it's in is flapping.  Hm.
> 
> Fred, you still awake?
> 
>                                 -Bill
> 
> 
	Odd, we were just hijacked too, one match to the same AS:

Prefix: 64.193.164.0/24
AS Path: 27664 16735
Seen by Route Collector: 15
Peer IP: 200.219.130.21
Peer AS Number: 27664
Timestamp (GMT): 1:56, Nov 11 2008

	And a match from other AS's

Prefix: 192.136.64.0/24
AS Path: 22548 16735
Seen by Route Collector: 15
Peer IP: 200.160.0.130
Peer AS Number: 22548
Timestamp (GMT): 1:59, Nov 11 2008

Prefix: 64.193.164.0/24
AS Path: 22548 16735
Seen by Route Collector: 15
Peer IP: 200.160.0.130
Peer AS Number: 22548
Timestamp (GMT): 1:56, Nov 11 2008


			Tuc

References:
- Potential Prefix Hijack
  - From: woody at pch.net (Bill Woodcock)

Prev by Date: Potential Prefix Hijack
Next by Date: Potential Prefix Hijack
Previous by thread: Potential Prefix Hijack
Next by thread: Potential Prefix Hijack
Index(es):
- Date
- Thread