Skeeve,<div><br></div><div>From memory pacnet are big fans of the info in <a href="http://radb.net">radb.net</a> for filtering purposes... i was going to suggest updating your objects to reflect that pacnet's customer is no longer an upstream... but then i checked it:</div>
<div><br></div><div><div>[root@vhost1 ~]# whois <a href="mailto:180.189.136.0@whois.radb.net">180.189.136.0@whois.radb.net</a></div><div>[Querying <a href="http://whois.radb.net">whois.radb.net</a>]</div><div>[<a href="http://whois.radb.net">whois.radb.net</a>]</div>
<div>route: <a href="http://180.189.136.0/22">180.189.136.0/22</a></div><div>descr: PACNET (proxy-registered route object)</div><div>origin: AS45914</div><div>remarks: This route object is for a PACNET customer route which is</div>
<div> being exported under this origin AS.</div><div> +</div><div> This route object was created because no existing route</div><div> object with the same origin was found, and since some</div>
<div> ANC peers filter based on these objects this route</div><div> may be rejected if this object is not created.</div><div> +</div><div> Please contact <a href="mailto:abuse@pacnet.net">abuse@pacnet.net</a> if you have any</div>
<div> Concerns regarding Spam/Abuses related to this object</div><div> +</div><div> Please contact <a href="mailto:ip-noc@pacnet.net">ip-noc@pacnet.net</a> if you have any other</div>
<div> Questions regarding this object.</div><div>notify: <a href="mailto:ip-noc@pacnet.net">ip-noc@pacnet.net</a></div><div>mnt-by: MAINT-AS10026</div><div>changed: <a href="mailto:ip-noc@pacnet.net">ip-noc@pacnet.net</a> 20100204</div>
<div>source: RADB</div><div>[root@vhost1 ~]# whois AS45914</div><div>[Querying <a href="http://whois.radb.net">whois.radb.net</a>]</div><div>[<a href="http://whois.radb.net">whois.radb.net</a>]</div><div>aut-num: AS45914</div>
<div>as-name: ALUMINA-NETWORKS-AS-AP</div><div>descr: Alumina Networks Pty Ltd</div><div>descr: Suite 1230, 1 Queens Road, Melbourne 3004</div><div>country: AU</div><div>admin-c: ANPL1-AP</div>
<div>tech-c: ANPL1-AP</div><div>mnt-routes: MAINT-ALUMINA-NETWORKS-AU</div><div>mnt-by: MAINT-ALUMINA-NETWORKS-AU</div><div>changed: <a href="mailto:hm-changed@apnic.net">hm-changed@apnic.net</a> 20090921</div>
<div>source: APNIC</div></div><div><br></div><div>Seems you might have to ask pacnet to update it as they created the objects on behalf of your client's old upstream.</div><div><br></div><div>If the AFP don't give any joy perhaps an e-mail from Alumina, stating that as the origin AS for the above netblock (as per pacnet's own proxy registered object) you request they stop accepting the following route from their customer as they are falsely advertising the route with the origin as themselves (AS23871):</div>
<div><br></div><div><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><pre>BGP routing table entry for <a href="http://180.189.136.0/24">180.189.136.0/24</a>, version 112823
Paths: (2 available, best #1, table default)
Not advertised to any peer
10026 23871
125.255.112.254 (metric 25) from 210.23.158.70 (210.23.158.70)
Origin IGP, metric 0, localpref 400, valid, internal, best
Community: 7543:1050 7543:1150 7543:1300 7543:1372 7543:2200 10026:4200 10026:33036 10026:40671
10026 23871
210.23.158.70 (metric 25) from 210.23.158.71 (210.23.158.71)
Origin IGP, metric 0, localpref 400, valid, internal
Community: 7543:1050 7543:1150 7543:1300 7543:1372 7543:2200 10026:4200 10026:33036 10026:40671
Originator: 210.23.158.70, Cluster list: 210.23.158.71, 0.0.1.164</pre></span><pre><font class="Apple-style-span" face="'Times New Roman'" size="3"><span class="Apple-style-span" style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;">Good luck.</span></font></pre>
<pre><font class="Apple-style-span" face="'Times New Roman'" size="3"><span class="Apple-style-span" style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;"><br></span></font></pre><pre>
<font class="Apple-style-span" face="'Times New Roman'" size="3"><span class="Apple-style-span" style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;"><br></span></font></pre><pre style="font-family: 'Times New Roman'; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; font-size: medium; ">
<br></pre><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><pre><br></pre></span></div><div><br>
</div><div><div class="gmail_quote">On Sat, Dec 11, 2010 at 10:02 PM, Skeeve Stevens <span dir="ltr"><<a href="mailto:Skeeve@eintellego.net">Skeeve@eintellego.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div text="#000000" bgcolor="#ffffff"><font style="font-size:11.0pt;color:#1F497D">
The AFP is now involved - so let's see what happens now.<br><br>I must say, the AFP agent understood exactly what the issue was, BGP and all. Very impressed.<br><br><br>...Skeeve (from the Gorillaz concert in Melbourne)<br>
<br>--
<br>From the Blackberry Bold 9700 of Skeeve Stevens</font><br> <br>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<font style="font-size:10.0pt">
<b>From</b>: Matt Hope [mailto:<a href="mailto:matt.hope@nicta.com.au" target="_blank">matt.hope@nicta.com.au</a>]
<br><b>Sent</b>: Saturday, December 11, 2010 09:51 PM<br><b>To</b>: <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a> <<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>>
<br><div class="im"><b>Subject</b>: Re: [AusNOG] Urgent - Pacnet NOC contact (with BGP clue)
<br></div></font> <br></div><div><div></div><div class="h5">
<br>
If you, or your customer is a AusCERT member, then this is likely
something they can help with - if only to assist with legal
proceedings.<br>
<br>
AusCERT do have a 24x7 members-only contact line, members can see
the details here: <a href="https://www.auscert.org.au/render.html?it=5141" target="_blank">https://www.auscert.org.au/render.html?it=5141</a><br>
<br>
<br>
- Matt<br>
<br>
On 10/12/10 19:59, Skeeve Stevens wrote:
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)">So,
to update.</span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)"> </span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)">After
finally getting a Pacnet
engineer who understood BGP and the issue (and was referring
to my initial
email to AusNOG), the engineer was instructed by his boss
(don’t have a
name) to tell me to call APNIC.... but couldn’t tell me what
they
expected APNIC to do.</span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)"> </span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)">I
informed the Pacnet engineer
(Ramon) that if they keep allowing AINS to announce the
ranges (see below) then
they are party to the Denial of Service that is going on and
in turn are committing
a criminal act as well.</span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)"> </span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)">Btw...
the ranges I noted: </span><span style="color:rgb(36, 64, 97)"><a href="http://180.189.136.0/22" target="_blank">180.189.136.0/22</a> and <a href="http://175.45.144.0/20" target="_blank">175.45.144.0/20</a> are being
announced
by AINS as /24’s for maximum disruption effect.</span></p>
<p class="MsoNormal"><span style="color:rgb(36, 64, 97)"> </span></p>
</div>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>