[AusNOG] Urgent - Pacnet NOC contact (with BGP clue)

Nick @ Deltaband nick at deltaband.com
Sat Dec 11 23:59:29 EST 2010 

Skeeve,

>From memory pacnet are big fans of the info in radb.net for filtering
purposes... i was going to suggest updating your objects to reflect that
pacnet's customer is no longer an upstream... but then i checked it:

[root at vhost1 ~]# whois 180.189.136.0 at whois.radb.net
[Querying whois.radb.net]
[whois.radb.net]
route:      180.189.136.0/22
descr:      PACNET (proxy-registered route object)
origin:     AS45914
remarks:    This route object is for a PACNET customer route which is
                   being exported under this origin AS.
                   +
                   This route object was created because no existing route
                   object with the same origin was found, and since some
                   ANC peers filter based on these objects this route
                   may be rejected if this object is not created.
                   +
                   Please contact abuse at pacnet.net if you have any
            Concerns regarding Spam/Abuses related to this object
                   +
                   Please contact ip-noc at pacnet.net if you have any other
                   Questions regarding this object.
notify:     ip-noc at pacnet.net
mnt-by:     MAINT-AS10026
changed:    ip-noc at pacnet.net 20100204
source:     RADB
[root at vhost1 ~]# whois AS45914
[Querying whois.radb.net]
[whois.radb.net]
aut-num:      AS45914
as-name:      ALUMINA-NETWORKS-AS-AP
descr:        Alumina Networks Pty Ltd
descr:        Suite 1230, 1 Queens Road, Melbourne 3004
country:      AU
admin-c:      ANPL1-AP
tech-c:       ANPL1-AP
mnt-routes:   MAINT-ALUMINA-NETWORKS-AU
mnt-by:       MAINT-ALUMINA-NETWORKS-AU
changed:      hm-changed at apnic.net 20090921
source:       APNIC

Seems you might have to ask pacnet to update it as they created the objects
on behalf of your client's old upstream.

If the AFP don't give any joy perhaps an e-mail from Alumina, stating that
as the origin AS for the above netblock (as per pacnet's own proxy
registered object) you request they stop accepting the following route from
their customer as they are falsely advertising the route with the origin as
themselves (AS23871):

BGP routing table entry for 180.189.136.0/24, version 112823
Paths: (2 available, best #1, table default)
  Not advertised to any peer
  10026 23871
    125.255.112.254 (metric 25) from 210.23.158.70 (210.23.158.70)
      Origin IGP, metric 0, localpref 400, valid, internal, best
      Community: 7543:1050 7543:1150 7543:1300 7543:1372 7543:2200
10026:4200 10026:33036 10026:40671
  10026 23871
    210.23.158.70 (metric 25) from 210.23.158.71 (210.23.158.71)
      Origin IGP, metric 0, localpref 400, valid, internal
      Community: 7543:1050 7543:1150 7543:1300 7543:1372 7543:2200
10026:4200 10026:33036 10026:40671
      Originator: 210.23.158.70, Cluster list: 210.23.158.71, 0.0.1.164

Good luck.






On Sat, Dec 11, 2010 at 10:02 PM, Skeeve Stevens <Skeeve at eintellego.net>wrote:

>  The AFP is now involved - so let's see what happens now.
>
> I must say, the AFP agent understood exactly what the issue was, BGP and
> all. Very impressed.
>
>
> ...Skeeve (from the Gorillaz concert in Melbourne)
>
> --
> From the Blackberry Bold 9700 of Skeeve Stevens
>
>  *From*: Matt Hope [mailto:matt.hope at nicta.com.au]
> *Sent*: Saturday, December 11, 2010 09:51 PM
> *To*: ausnog at lists.ausnog.net <ausnog at lists.ausnog.net>
> *Subject*: Re: [AusNOG] Urgent - Pacnet NOC contact (with BGP clue)
>
>
> If you, or your customer is a AusCERT member, then this is likely something
> they can help with - if only to assist with legal proceedings.
>
> AusCERT do have a 24x7 members-only contact line, members can see the
> details here: https://www.auscert.org.au/render.html?it=5141
>
>
>  - Matt
>
> On 10/12/10 19:59, Skeeve Stevens wrote:
>
>  So, to update.
>
>
>
> After finally getting a Pacnet engineer who understood BGP and the issue
> (and was referring to my initial email to AusNOG), the engineer was
> instructed by his boss (don’t have a name) to tell me to call APNIC.... but
> couldn’t tell me what they expected APNIC to do.
>
>
>
> I informed the Pacnet engineer (Ramon) that if they keep allowing AINS to
> announce the ranges (see below) then they are party to the Denial of Service
> that is going on and in turn are committing a criminal act as well.
>
>
>
> Btw... the ranges I noted: 180.189.136.0/22 and 175.45.144.0/20 are being
> announced by AINS as /24’s for maximum disruption effect.
>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20101211/419b5555/attachment.html>

More information about the AusNOG mailing list