Re: BGP Hijack/Sickness with AS4637

[Tom Paseka via NANOG <nanog () nanog org>]

This looks like a route that has been cached by some ISPs/routers even
though a withdrawal has actually happened.

If you actually forward packets a long the path, you'll see its not
following the AS Path suggested, instead the real route that it should be.
Bouncing your session with 4637 would likely clear this.

-Tom

On Fri, May 25, 2018 at 11:59 AM, Nikolas Geyer <nik () neko id au> wrote:

> Greetings!
>
> Actually, what you have provided below shows the exact opposite. It shows
> ColoAU have received the route from 4637 who have received it from 3257 who
> have received it from 29909 who have received it from 16532 who originated
> it. It infers nothing about who 16532 found the route to come from.
>
> It is evident that GTT are advertising that route to Telstra Global :)
>
> Regards,
> Nik.
>
> >         And I'm pretty sure AS3257 (GTT ) is in the same boat as us, as
> they're not the one advertising those routes to AS4637
> >     AS16532 found it to come from AS4637 as you can see from this ColoAU
> LG output below
> > ----- https://lg.coloau.com.au/
> >
> > vrf-international.inet.0: 696533 destinations, 2248101 routes (696249
> active, 0 holddown, 103835 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 18.29.238.0/23     *[BGP/170] 1d 19:57:28, localpref 90, from
> 103.97.52.2
> >                       AS path: 4637 3257 29909 16532 16532 16532 16532
> I, validation-state: unverified
> > --
> > -----
> > Alain Hebert                                ahebert () pubnix net
> > PubNIX Inc.
> > 50 boul. St-Charles
> > P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> > Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443