<div dir="ltr"><div dir="ltr">.<div><a href="https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/">https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/</a><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 13, 2018 at 3:16 PM Binh Lam &lt;<a href="mailto:ccie12218@gmail.com">ccie12218@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Dear AusNOG..</div><div><br></div><div>The latest news about a hijacked route again raises concerns about potential route hijacking; it can happen anytime to anyone.</div><div><a href="https://www.itnews.com.au/news/route-leak-sends-google-cloud-traffic-to-russia-515489" target="_blank">https://www.itnews.com.au/news/route-leak-sends-google-cloud-traffic-to-russia-515489</a><br><br class="m_6534621596494747673gmail-Apple-interchange-newline"></div><div>How to prevent it?</div><div><br></div><div>Looking at the prefix that was hijacked...</div><div><br></div><div><div> whois -h <a href="http://rr.ntt.net" target="_blank">rr.ntt.net</a> <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>[Querying <a href="http://rr.ntt.net" target="_blank">rr.ntt.net</a>]</div><div>[<a href="http://rr.ntt.net" target="_blank">rr.ntt.net</a>]</div><div>route:      <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>descr:      Spectrum Networks LLC</div><div>            Customer proxy registration</div><div>            <a href="mailto:noc@spectrumnet.us" target="_blank">noc@spectrumnet.us</a> for removal</div><div>origin:     AS30620</div><div>mnt-by:     MAINT-AS11404</div><div>changed:    <a href="mailto:john@vanoppen.com" target="_blank">john@vanoppen.com</a> 20080709  
#16:56:24Z</div><div>source:     RADB</div><div><br></div><div>route:      <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>descr:      Google</div><div>origin:     AS15169</div><div>notify:     <a href="mailto:radb-contact@google.com" target="_blank">radb-contact@google.com</a></div><div>mnt-by:     MAINT-AS15169</div><div>changed:    <a href="mailto:radb-contact@google.com" target="_blank">radb-contact@google.com</a> 20150728</div><div>source:     RADB</div><div><br></div><div>route:      <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>descr:      Fox Internet</div><div>origin:     AS19281</div><div>remarks:    Announced via 10609</div><div>notify:     <a href="mailto:noc@noanet.net" target="_blank">noc@noanet.net</a></div><div>mnt-by:     MAINT-AS16713</div><div>changed:    <a href="mailto:mksmith@noanet.net" target="_blank">mksmith@noanet.net</a> 20031009</div><div>source:     RADB</div><div><br></div><div>route:         <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>descr:         route register for foxcomm</div><div>origin:        AS19281</div><div>mnt-by:        FOXCOMM-MNT</div><div>changed:       <a href="mailto:michael.renner@level3.com" target="_blank">michael.renner@level3.com</a> 20031104</div><div>source:        LEVEL3</div><div><br></div><div>route:      <a href="http://216.58.192.0/19" target="_blank">216.58.192.0/19</a></div><div>descr:      NET-216-58-192-0-1</div><div>origin:     AS15169</div><div>remarks:    This route object represents authoritative data retrieved from ARIN's WHOIS service.</div><div>remarks:    The original data can be found here: <a href="https://whois.arin.net/rest/net/NET-216-58-192-0-1" target="_blank">https://whois.arin.net/rest/net/NET-216-58-192-0-1</a></div><div>remarks:    This route object is the result of an automated WHOIS-to-IRR conversion process.</div><div>mnt-by:     MAINT-JOB</div><div>changed:    <a 
href="mailto:job@ntt.net" target="_blank">job@ntt.net</a> 20120127</div><div>source:     ARIN-WHOIS</div></div><div><br></div><div><br></div><div>--- How to avoid?</div><div><a href="https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf" target="_blank">https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf</a><br></div><div><br></div><div>I highly recommend that all large ISPs, ASPs, cloud providers, or anyone hosting critical infrastructure:</div><div>1. Clean up your route objects. Enable RPKI for your route objects.</div><div>2. Review filter policy.</div><div>3. Review routing policy: announce /24 to all upstreams and peers equally for your critical infrastructure!</div><div><div dir="ltr"><br></div><div dir="ltr"><br></div></div><div>Any other comments are welcome!</div><div><br></div><div>Cheers,</div><div>Binh</div><div><br></div><div><br></div><div><br></div></div></div></div>
</blockquote></div>
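<div>The whois output quoted above lists several route objects for the same prefix with different origins, which is what the "clean up your route object" step is meant to catch. The following is an added example, not part of the original thread: it parses RPSL route objects and reports those whose origin differs from the AS the caller considers authoritative. The function names are hypothetical, the sample is abridged from the quoted output, and AS15169 as the expected origin is an input assumption.</div>

```python
from collections import defaultdict

# Abridged from the whois output quoted in the message above.
SAMPLE = """\
route:      216.58.192.0/19
descr:      Spectrum Networks LLC
            Customer proxy registration
origin:     AS30620
mnt-by:     MAINT-AS11404
source:     RADB

route:      216.58.192.0/19
origin:     AS15169
mnt-by:     MAINT-AS15169
source:     RADB

route:         216.58.192.0/19
origin:        AS19281
mnt-by:        FOXCOMM-MNT
source:        LEVEL3
"""

def parse_objects(text):
    """Split RPSL text into objects (blank-line separated): attribute -> [values]."""
    objects, current, last = [], defaultdict(list), None
    for line in text.splitlines() + [""]:
        if not line.strip():                       # blank line closes an object
            if current:
                objects.append(dict(current))
            current, last = defaultdict(list), None
        elif line[0] in " \t+" and last:           # continuation of previous value
            current[last][-1] += " " + line.lstrip(" \t+").strip()
        elif ":" in line and not line.startswith(("%", "#", "[")):
            name, value = line.split(":", 1)       # "attribute: value" line
            last = name.strip().lower()
            current[last].append(value.strip())
    return objects

def conflicting_objects(text, prefix, expected_origin):
    """Return (origin, mnt-by, source) of objects for prefix with another origin."""
    found = []
    for obj in parse_objects(text):
        if prefix in obj.get("route", []) and obj.get("origin"):
            origin = obj["origin"][0].upper()
            if origin != expected_origin.upper():
                found.append((origin, obj.get("mnt-by", ["?"])[0], obj.get("source", ["?"])[0]))
    return found

if __name__ == "__main__":
    print(conflicting_objects(SAMPLE, "216.58.192.0/19", "AS15169"))
```

<div>Each tuple names the maintainer and IRR source to contact about removing the stale object.</div>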