[nsp-sec] prefix hijack
Michael Sinatra
michael at rancid.berkeley.edu
Mon Nov 25 20:18:10 EST 2013
Hi,
Brookhaven National Lab has a prefix (130.199.0.0/16) that is currently
being (inadvertently, we think) hijacked by Lightower (AS46887). We
have been trying all day to work with Lightower and apparently have not
been able to reach the appropriate level of clue to properly deal with
this issue. Here's what routeviews is currently showing:
Network Next Hop Metric LocPrf Weight Path
* 130.199.0.0 89.149.178.10 10 0 3257 3549
46887 i
* 193.0.0.56 0 3333 3356
46887 i
* 192.203.116.253 0 22388 293 43 i
* 4.69.184.193 0 0 3356 46887 i
* 194.85.40.15 0 3267 6939
46887 i
* 194.85.102.33 0 3277 3267
6939 46887 i
* 209.124.176.223 0 101 101 293
43 i
* 66.185.128.48 2 0 1668 3356
46887 i
In this case, the correct origin ASN is 43 and the WRONG origin ASN is
46887.
We would really appreciate it if Level3/GBLX and HE could filter the
prefix announcement from AS46887. And if anyone knows a Lightower
person with clue, can you please send me their contact information?
Thanks,
Michael Sinatra
ESnet
More information about the nsp-security
mailing list