[nsp-sec] AS8997
David Freedman
david.freedman at uk.clara.net
Tue Sep 23 03:12:36 EDT 2008
I saw this live on route-views last night as did many others,
Ian?
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: Hank Nussbacher [mailto:hank at efes.iucc.ac.il]
Sent: Tue 9/23/2008 05:38
To: David Freedman
Cc: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] AS8997
On Tue, 23 Sep 2008, David Freedman wrote:
I've been following this since last night when I saw a number of different
prefixes from a number of different origin ASNs in Israel get hit and
assumed it was a prefix hijacking test run since according to PHAS it was
short lived.
Now that others are seeing it, I guess it isn't only Israel being affected
:-)
-Hank
> ----------- nsp-security Confidential --------
>
> Mentioned on IRC earlier:
>
> [22:53] <vato-5413> anyone else noticed AS8997 up to no good?
> [22:53] <vato-5413> various possible hijacks of our space this afternoon
> [22:53] <vato-5413> others reporting same
> [22:54] <vato-5413> interesting announcements visible on route-views
> [22:54] <vato-5413> phas reported it - myasn/iar haven't as yet
> [22:58] <vato-5413> 3277 3267 8997 seems to be the commonest suspicious path
>
> I've had numerous jacking alerts from PHAS about this.
>
> Anybody have any info on this?
>
> ------------------------------------------------
> David Freedman
> Group Network Engineering
> Claranet Limited
> http://www.clara.net
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list