[nsp-sec] prefix hijack
Chris Morrow
morrowc at ops-netman.net
Mon Nov 25 20:22:10 EST 2013
On 11/25/2013 08:18 PM, Michael Sinatra wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> Brookhaven National Lab has a prefix (130.199.0.0/16) that is currently
> being (inadvertently, we think) hijacked by Lightower (AS46887). We
> have been trying all day to work with Lightower and apparently have not
> been able to reach the appropriate level of clue to properly deal with
> this issue. Here's what routeviews is currently showing:
>
> Network Next Hop Metric LocPrf Weight Path
> * 130.199.0.0 89.149.178.10 10 0 3257 3549
> 46887 i
> * 193.0.0.56 0 3333 3356
you might also try and get SAVVIS to remove the radb entry (then L3 will
stop accepting the prefix):
$ whois -h whois.radb.net 130.199.0.0
route: 130.199.0.0/16
descr: YAPNET
Brookhaven National Laboratory
Upton NY 11973, USA
origin: AS43
notify: ipreg at bnl.gov
mnt-by: MAINT-ESNET
changed: hostmaster at es.net 20110426 #20:22:14Z
source: RADB
route: 130.199.0.0/20
descr: Data-Network_Solutions-133-199-0-0-20
origin: AS31950
mnt-by: MAINT-AS46887
source: SAVVIS
changed: mpribeck at lightower.com 20120214
More information about the nsp-security
mailing list