[nsp-sec] Prefix hijack from AS4761
Barry Greene
bgreene at senki.org
Wed Apr 2 19:27:07 EDT 2014
Hi Team,
I'm in country (Indonesia) - just go woken up to work on this issue. Indosat's mobile services are down, so it is hard to call people there. :-(
I've got my team using all their contacts to reach out.
I think their advertisement is pulling down too much bandwidth, so upstreams to Indosat might consider strict filtering them.
Barry
On Apr 3, 2014, at 3:37 AM, Nick Hilliard <nick at inex.ie> wrote:
> ----------- nsp-security Confidential --------
>
> On 02/04/2014 20:25, Alfredo Sola wrote:
>> We have received alerts from BGPMon that AS4761 (INDOSAT) is hijacking
>> some of our prefixes. It looks a bit like a misconfiguration because
>> they are announcing short prefixes (31.24.120.0/21) rather than
>> deaggregate that into /24s.
>>
>> Have anybody else seen it? Does anybody have a contact (trusted or
>> otherwise) around there?
>
> https://twitter.com/bgpmon/status/451453051409154048
>
> i.e. most of the internet is affected.
>
> Nick
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20140403/f2a69116/attachment-0001.sig>
More information about the nsp-security
mailing list