[nsp-sec] prefix hijack
Michael Sinatra
michael at rancid.berkeley.edu
Mon Nov 25 21:53:25 EST 2013
On 11/25/13 17:22, Chris Morrow wrote:
> ----------- nsp-security Confidential --------
>
>
>
> On 11/25/2013 08:18 PM, Michael Sinatra wrote:
>> ----------- nsp-security Confidential --------
>>
>> Hi,
>>
>> Brookhaven National Lab has a prefix (130.199.0.0/16) that is currently
>> being (inadvertently, we think) hijacked by Lightower (AS46887). We
>> have been trying all day to work with Lightower and apparently have not
>> been able to reach the appropriate level of clue to properly deal with
>> this issue. Here's what routeviews is currently showing:
>>
>> Network Next Hop Metric LocPrf Weight Path
>> * 130.199.0.0 89.149.178.10 10 0 3257 3549
>> 46887 i
>> * 193.0.0.56 0 3333 3356
>
> you might also try and get SAVVIS to remove the radb entry (then L3 will
> stop accepting the prefix):
Yep, I saw that too and will be working on getting it removed. It
appears that Lightower *finally* withdrew their announcement about 15
minutes after I sent my email. After about 8 hours of trying to work
through normal customer channels. :(
michael
More information about the nsp-security
mailing list