[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]

Subject: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]
From: amps at djlab.com (Randy)
Date: Tue, 26 May 2015 18:49:14 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <DM2PR11MB0158347F304756BE58A63C669B080@DM2PR11MB0158.namprd11.prod.outlook.com> <BN3PR11MB0145DE4F129D94AE428679D69B080@BN3PR11MB0145.namprd11.prod.outlook.com> <[email protected]>

Ignore my noise, I don't think there was new activity today (although 
something weird def. happened).   BGPmon list was sorted by wrong column 
and I mixed the dates up.   Although it's still showing as active since 
march which I thought said provider resolved...

On 03/26/2015 8:26 pm, ML wrote:
> Wouldn't it be a BCP to set no-export from the Noction device too?
> 
> 
> On 3/26/2015 6:20 PM, Nick Rose wrote:
>> Several people asked me off list for more details, here is what I have 
>> regarding it.
>> 
>> This morning a tier2 isp that connects to our network made an error in 
>> their router configuration causing the route leakage. The issue has 
>> been addressed and we will be performing a full post mortem to ensure 
>> this does not happen again.
>> While investigating the issue we did find that the noction appliance 
>> stopped advertising the no export community string with its 
>> advertisements which is why certain prefixes were also seen.
>> 
>> Regards,
>> Nick Rose
>> CTO @ Enzu Inc.
>> 
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Nick Rose
>> Sent: Thursday, March 26, 2015 3:49 PM
>> To: amps at djlab.com; Peter Rocca
>> Cc: nanog at nanog.org
>> Subject: RE: More specifics from AS18978 [was: Prefix hijack by 
>> INDOSAT AS4795 / AS4761]
>> 
>> This should be resolved from AS18978. If you experience anything else 
>> please let me know and I will get it addressed immediately.
>> 
>> Regards,
>> Nick Rose
>> CTO @ Enzu Inc.
>> 
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Randy
>> Sent: Thursday, March 26, 2015 12:14 PM
>> To: Peter Rocca
>> Cc: nanog at nanog.org
>> Subject: RE: More specifics from AS18978 [was: Prefix hijack by 
>> INDOSAT AS4795 / AS4761]
>> 
>> On 03/26/2015 9:00 am, Peter Rocca wrote:
>>> +1
>>> 
>>> The summary below aligns with our analysis as well.
>>> 
>>> We've reached out to AS18978 to determine the status of the leak but
>>> at this time we're not seeing any operational impact.
>> +2, after the morning coffee sunk in and helpful off list replies I 
>> can
>> finally see it's probably not INDOSAT involved at all.
>> 
>> FYI, the more specifics are still active:
>> 
>> 2015-03-26 13:56:11	Update	AS4795	ID 	198.98.180.0/23	4795 4795 4761
>> 9304 40633 18978 6939 29889 	Active
>> 2015-03-26 13:56:11	Update	AS4795	ID 	198.98.182.0/23	4795 4795 4761
>> 9304 40633 18978 6939 29889 	Active
>> 
>> --
>> ~Randy

Prev by Date: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]
Next by Date: gmail security is a joke
Previous by thread: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]
Next by thread: looking glass software
Index(es):
- Date
- Thread