nanog mailing list archives

RE: Prefix hijacking by AS20115


From: Jürgen Jaritsch <jj () anexia at>
Date: Tue, 29 Sep 2015 05:14:29 +0000

Cogent and Level3 will tell you that you are not their customer ...HE and XO will react.


Jürgen Jaritsch
Head of Network & Infrastructure

ANEXIA Internetdienstleistungs GmbH

Phone: +43-5-0556-300
Fax: +43-5-0556-500

E-Mail: jj () anexia at
Web: http://www.anexia.at

Headquarters address Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601


-----Original Message-----
From: Paul S. [contact () winterei se]
Received: Tuesday, 29 Sep. 2015, 6:57
To: nanog () nanog org [nanog () nanog org]
Subject: Re: Prefix hijacking by AS20115

+1, this is the only sensible advice here.

NSPs actually do seem to care about not letting things like these happen.

On 2015/09/29 01:24 PM, Hank Nussbacher wrote:
At 23:11 28/09/2015 -0400, Josh Luthman wrote:

Start announcing their prefixes?

Contact the upstreams of AS20115 - Cogent, Level3, HE and XO.

-Hank


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Sep 28, 2015 11:09 PM, "Seth Mattinen" <sethm () rollernet us> wrote:

On 9/28/15 18:30, William Herrin wrote:

On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm () rollernet us>
wrote:

I've got a problem where AS20115 continues to announce prefixes after
BGP neighbors were shut down. They claim it's a wedged BGP process but
aren't in any hurry to fix it outside of a maintenance window.


If they weren't lying to you, they'd fix it now. That's not the kind
of problem that waits.

Thing is: they lied to you. Long ago they "helpfully" programmed their
router to announce your route regardless of whether you sent a route
to them. They want to wait for a maintenance window to remove that
configuration.


I'm at a loss of what else I can do. They admit the problem but won't
take action saying it needs to wait for a maintenance window. Am I out
of line insisting that's an unacceptable response to a problem that
results in prefix/traffic hijacking?


Try dropping the link entirely. If they still announce your addresses,
bring it back up but report it as emergency down, escalate, and call
back every 10 minutes until the junior tech understands that it's time
to call and wake up the guy who makes the decision to fix it now.



I'm at the tail end here almost 8 hours later since the hijacking
started. Their NOC is just blowing me off now and they're happy to
continue the hijacking until it's convenient for them to have a
maintenance window. And that's apparently the final decision.

~Seth



