- Previous message: n3td3v: "Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)"
- Maybe in reply to: Mark Tinka: "Potential Prefix Hijack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Mohit Lad (no email)
Date: Wed Nov 12 2008 - 12:37:29 EST
The local scope of the event is also the reason that PHAS did not catch the
hijack. Nevertheless, its good to have different services for hijack
detection running independently, especially if they are getting different
feeds. Even a hijack that is local in scope is worth alerting about; if not
anything, at least to ensure it stays local :)
-Mohit
On Nov 12, 2008, at 4:52 AM, Eduardo Ascenço Reis wrote:
Dear Fellows,
I would like to add some information to this thread from AS27664
perspective.
Both AS27664 (CTBC Multimídia) and AS22548 (Nic.br) share two common points:
1. They are IP transit customers from AS16735 (CTBC Telecom).
2. They feed with full BGP routing table the RIS/RIPE project located
at PTTMetro-SP, Brazil (rrc15).
I checked all BGP updates of 2008111[01] from Route Views Archive
Project [1] and looked for prefixes originated by AS16735. I compared
those with the prefixes officially allocated by Registro.br to AS16735
[2] and did not find any case o prefixes from different AS. This
analyses confirms that yesterday AS16735 issue of IP prefixes
Hijacking was not globally propagated.
It seems that only some AS16735's Internet customers (like AS27664 and
AS22548) were affect by this problem.
Regards,
-- Eduardo Ascenço Reis [1] http://archive.routeviews.org/ [2] https://registro.br/cgi-bin/whois/
|
|
|