[AusNOG] google potential route hijacked.

Binh Lam ccie12218 at gmail.com
Wed Nov 14 09:26:41 EST 2018


.
https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/


On Tue, Nov 13, 2018 at 3:16 PM Binh Lam <ccie12218 at gmail.com> wrote:

> Dear AusNOG..
>
> The latest news about route hijacking again raises concerns about
> potential route hijacking; it can happen anytime to anyone.
>
> https://www.itnews.com.au/news/route-leak-sends-google-cloud-traffic-to-russia-515489
>
> How to prevent it?
>
> Looking at the prefix that was hijacked...
>
>  whois -h rr.ntt.net 216.58.192.0/19
> [Querying rr.ntt.net]
> [rr.ntt.net]
> route:      216.58.192.0/19
> descr:      Spectrum Networks LLC
>             Customer proxy registration
>             noc at spectrumnet.us for removal
> origin:     AS30620
> mnt-by:     MAINT-AS11404
> changed:    john at vanoppen.com 20080709  #16:56:24Z
> source:     RADB
>
> route:      216.58.192.0/19
> descr:      Google
> origin:     AS15169
> notify:     radb-contact at google.com
> mnt-by:     MAINT-AS15169
> changed:    radb-contact at google.com 20150728
> source:     RADB
>
> route:      216.58.192.0/19
> descr:      Fox Internet
> origin:     AS19281
> remarks:    Announced via 10609
> notify:     noc at noanet.net
> mnt-by:     MAINT-AS16713
> changed:    mksmith at noanet.net 20031009
> source:     RADB
>
> route:         216.58.192.0/19
> descr:         route register for foxcomm
> origin:        AS19281
> mnt-by:        FOXCOMM-MNT
> changed:       michael.renner at level3.com 20031104
> source:        LEVEL3
>
> route:      216.58.192.0/19
> descr:      NET-216-58-192-0-1
> origin:     AS15169
> remarks:    This route object represents authoritative data retrieved from
> ARIN's WHOIS service.
> remarks:    The original data can be found here:
> https://whois.arin.net/rest/net/NET-216-58-192-0-1
> remarks:    This route object is the result of an automated WHOIS-to-IRR
> conversion process.
> mnt-by:     MAINT-JOB
> changed:    job at ntt.net 20120127
> source:     ARIN-WHOIS
>
>
> --- How to avoid?
>
> https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf
>
> I highly recommend that all large ISPs, ASPs, cloud providers, or any
> critical infrastructure hosting:
> 1. Clean up your route objects. Enable RPKI for your route objects.
> 2. Review filter policy.
> 3. Review routing policy.. > announce /24 to all upstreams, peers equally
> for your critical infrastructure!
>
>
> Any other comments are welcome!
>
> Cheers,
> Binh
>
>
>
>
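
The whois output quoted above lists the same prefix under three different origin ASNs across IRR sources, which is what the "clean up your route object" step is about. As an added example (not part of the original message), this Python code parses such route objects and reports those whose origin differs from the one you expect; the function names and the use of AS15169 as the expected origin are assumptions for illustration.

```python
# Abridged from the whois output quoted above: only route/origin/source kept.
SAMPLE = """\
route:      216.58.192.0/19
origin:     AS30620
source:     RADB

route:      216.58.192.0/19
origin:     AS15169
source:     RADB

route:      216.58.192.0/19
origin:     AS19281
source:     RADB

route:         216.58.192.0/19
origin:        AS19281
source:        LEVEL3

route:      216.58.192.0/19
origin:     AS15169
source:     ARIN-WHOIS
"""

def parse_route_objects(text):
    """Split RPSL text into blank-line separated objects (attribute -> first value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            # Lines starting with whitespace are continuations; skip them.
            if ":" in line and not line[0].isspace():
                key, value = line.split(":", 1)
                obj.setdefault(key.strip().lower(), value.strip())
        if "route" in obj and "origin" in obj:
            objects.append(obj)
    return objects

def unexpected_origins(objects, expected_origin):
    """Map each prefix to sorted (origin, source) pairs that do not match expected_origin."""
    found = {}
    for o in objects:
        if o["origin"].upper() != expected_origin.upper():
            found.setdefault(o["route"], set()).add((o["origin"], o.get("source", "?")))
    return {prefix: sorted(pairs) for prefix, pairs in found.items()}

if __name__ == "__main__":
    # Assumption: AS15169 is the origin the prefix holder intends to announce from.
    for prefix, stale in unexpected_origins(parse_route_objects(SAMPLE), "AS15169").items():
        for origin, source in stale:
            print(f"{prefix}: unexpected origin {origin} registered in {source}")
```

Each reported pair is a candidate for removal by the listed registry's maintainer, since filters built from IRR data would accept an announcement from that origin.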