<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>5:05 here</div>
<div>
<div>
<p style="margin: 0px; font-size: 12px; font-family: Consolas;">--</p>
<p style="margin: 0px; font-size: 12px; font-family: Consolas;">Ben Peters email:
<a href="mailto:ben@apnic.net">ben@apnic.net</a></p>
<p style="margin: 0px; font-size: 12px; font-family: Consolas;">Network Engineer, APNIC direct: +61 7 3858 3154</p>
<p style="margin: 0px; font-size: 12px; font-family: Consolas;"><span style="text-decoration: underline"><a href="http://www.apnic.net/">http://www.apnic.net</a></span></p>
</div>
<div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;">
<div style="word-wrap: break-word;">
<div><font color="#888888"></font></div>
<font color="#888888"></font></div>
<font color="#888888"></font></blockquote>
</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Branko Stanic <<a href="mailto:branko.stanic@rea-group.com">branko.stanic@rea-group.com</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, 3 April 2014 10:54 am<br>
<span style="font-weight:bold">To: </span>Damien Luke <<a href="mailto:damien.luke@gmail.com">damien.luke@gmail.com</a>><br>
<span style="font-weight:bold">Cc: </span>"<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>" <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [AusNOG] BGPMon/Thailand AS4761 Hijacking<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
I’ve got first one at 6:20AM
<div><br>
</div>
<div><br>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">
<div style="font-family: Calibri, sans-serif; font-size: 14px;"><b style="font-family: 'Times New Roman', serif; font-size: 12pt;"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif;">Branko Stanic</span></b><span style="color: rgb(0, 0, 145); font-size: 10.5pt;"> </span></div>
<div style="font-family: Calibri, sans-serif; font-size: 14px;"><span style="font-size: 10.5pt;"><font color="#666666">Network Engineer</font></span></div>
<div style="font-family: Calibri, sans-serif; font-size: 14px;">
<div style="font-family: Consolas; font-size: medium;">
<div style="font-family: Calibri;">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
<span style="color: rgb(0, 0, 145); font-size: 10.5pt; font-family: Calibri, sans-serif;"><br>
</span><span style="color: rgb(102, 102, 102); font-size: 10.5pt; font-family: Calibri, sans-serif;">T</span><span style="color: rgb(0, 0, 145); font-size: 10.5pt; font-family: Calibri, sans-serif;"> +61 4 0574 0061<br>
</span><span style="color: rgb(102, 102, 102); font-size: 10.5pt; font-family: Calibri, sans-serif;"><br>
Email</span><span style="color: rgb(0, 0, 145); font-size: 10.5pt; font-family: Calibri, sans-serif;"> </span><a href="mailto:branko.stanic@rea-group.com" style="font-size: 14px; font-family: Calibri;">branko.stanic@rea-group.com</a></div>
</div>
<div style="font-family: Calibri;">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
<span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: rgb(102, 102, 102);">Visit</span><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: rgb(0, 0, 145);"> <a href="http://www.rea-group.com/" style="color: purple;">www.rea-group.com</a> <br>
<br>
</span></div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div>
<div>On 3 Apr 2014, at 11:47 am, Damien Luke <<a href="mailto:damien.luke@gmail.com">damien.luke@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div dir="ltr">First notification from BGPmon was around 6:50am AEST. They're usually pretty quick with notifications.
<div><br>
</div>
<div>Damien<br>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Apr 3, 2014 at 11:41 AM, Alex Samad - Yieldbroker
<span dir="ltr"><<a href="mailto:Alex.Samad@yieldbroker.com" target="_blank">Alex.Samad@yieldbroker.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-AU" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal"><span style="color:#1f497d">Do we know when this started to happen ? around 5am our time (AEST) ?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">A<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;">From:</span></b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;"> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Tristram Cheer<br>
<b>Sent:</b> Thursday, 3 April 2014 11:33 AM</span></p>
<div>
<div class="h5"><br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] BGPMon/Thailand AS4761 Hijacking<u></u><u></u></div>
</div>
<div><br class="webkit-block-placeholder">
</div>
</div>
</div>
<div>
<div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-NZ" style="color:#1f497d">Just got this response from their NOC contact:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="color:#1f497d">“</span><span lang="EN-US" style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(31, 73, 125);">Dear Sir,
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(31, 73, 125);"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(31, 73, 125);">Today we have trouble with our network and still investigate.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(31, 73, 125);"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(227, 108, 10);">Thank's<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(227, 108, 10);">xxxxxxxx
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; color: rgb(227, 108, 10);">TOC IP Surveillance</span><span lang="EN-US" style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="color:#1f497d">“<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="color:#1f497d"><u></u> <u></u></span></p>
<p><span lang="EN-NZ" style="color:#7d7d7d">--</span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><b><span lang="EN-NZ" style="font-family: Verdana, sans-serif; color: rgb(125, 125, 125);">Tristram Cheer</span></b><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);"><br>
Network Architect - <i>Most problems are the result of previous solutions...</i></span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><span lang="EN-NZ"><span><image001.jpg></span><u></u><u></u></span></p>
<p><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);">09 438 5472 Ext 803 |<a href="tel:022%20412%201985" value="+61224121985" target="_blank">022 412 1985</a> | PO Box 5083, Whangarei, 0140</span><span lang="EN-NZ"> <br>
</span><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);"><a href="mailto:tristram.cheer@ubergroup.co.nz" title="Click to send email to Tristram Cheer" target="_blank">tristram.cheer@ubergroup.co.nz</a> |<a href="http://www.uber.co.nz/" title="" target="_blank">www.ubergroup.co.nz</a></span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><span lang="EN-NZ"><a href="http://ubergroup.co.nz/fb" target="_blank"><span style="text-decoration:none"><span><image005.png></span></span></a>
<a href="https://twitter.com/#!/ubergroupltd" target="_blank"><span style="text-decoration:none"><span><image007.png></span></span></a><u></u><u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Michael Gehrmann<br>
<b>Sent:</b> Thursday, 3 April 2014 12:21 p.m.<br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] BGPMon/Thailand AS4761 Hijacking<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-NZ"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">We got alerts for several /24’s out of our larger blocks.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN" style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);">Michael Gehrmann<br>
<b>Hosting Support Specialist – Networks <br>
Macquarie Telecom</b> <u></u><u></u></span></p>
<div>
<div>
<div>
<div>
<div class="MsoNormal"><span lang="EN" style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);">
<hr size="2" width="760" style="width:570.0pt" align="left">
</span></div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;">From:</span></b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Tristram Cheer<br>
<b>Sent:</b> Thursday, 3 April 2014 6:08 AM<br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> [AusNOG] BGPMon/Thailand AS4761 Hijacking<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-NZ" style="">Hi All,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style=""><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="">Is anyone else getting alerts that AS4761 is hijacking IP ranges? I’ve just got alerting from BGPMon that all of our ASN’s announced prefix’s are being announced by AS4761. So far it’s only showing up at a peer
in Thailand.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style=""><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style=""><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style=""><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-NZ" style="">Cheers<u></u><u></u></span></p>
<p><span lang="EN-NZ" style="color:#7d7d7d">--</span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><b><span lang="EN-NZ" style="font-family: Verdana, sans-serif; color: rgb(125, 125, 125);">Tristram Cheer</span></b><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);"><br>
Network Architect - <i>Most problems are the result of previous solutions...</i></span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><span lang="EN-NZ"><span><image001.jpg></span><u></u><u></u></span></p>
<p><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);">09 438 5472 Ext 803 |<a href="tel:022%20412%201985" value="+61224121985" target="_blank">022 412 1985</a> | PO Box 5083, Whangarei, 0140</span><span lang="EN-NZ"> <br>
</span><span lang="EN-NZ" style="font-size: 7.5pt; font-family: Verdana, sans-serif; color: rgb(125, 125, 125);"><a href="mailto:tristram.cheer@ubergroup.co.nz" title="Click to send email to Tristram Cheer" target="_blank">tristram.cheer@ubergroup.co.nz</a> |<a href="http://www.uber.co.nz/" title="" target="_blank">www.ubergroup.co.nz</a></span><span lang="EN-NZ"><u></u><u></u></span></p>
<p><span lang="EN-NZ"><a href="http://ubergroup.co.nz/fb" target="_blank"><span style="text-decoration:none"><span><image008.png></span></span></a>
<a href="https://twitter.com/#!/ubergroupltd" target="_blank"><span style="text-decoration:none"><span><image009.png></span></span></a><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</body>
</html>