[AusNOG] google potential route hijacked.

Binh Lam ccie12218 at gmail.com
Tue Nov 13 15:16:13 EST 2018


Dear AusNOG,

The latest news about a route hijack again raises concerns about
potential route hijacking; it can happen anytime to anyone.
https://www.itnews.com.au/news/route-leak-sends-google-cloud-traffic-to-russia-515489

How to prevent it?

Looking at the prefix that was hijacked...

 whois -h rr.ntt.net 216.58.192.0/19
[Querying rr.ntt.net]
[rr.ntt.net]
route:      216.58.192.0/19
descr:      Spectrum Networks LLC
            Customer proxy registration
            noc at spectrumnet.us for removal
origin:     AS30620
mnt-by:     MAINT-AS11404
changed:    john at vanoppen.com 20080709  #16:56:24Z
source:     RADB

route:      216.58.192.0/19
descr:      Google
origin:     AS15169
notify:     radb-contact at google.com
mnt-by:     MAINT-AS15169
changed:    radb-contact at google.com 20150728
source:     RADB

route:      216.58.192.0/19
descr:      Fox Internet
origin:     AS19281
remarks:    Announced via 10609
notify:     noc at noanet.net
mnt-by:     MAINT-AS16713
changed:    mksmith at noanet.net 20031009
source:     RADB

route:         216.58.192.0/19
descr:         route register for foxcomm
origin:        AS19281
mnt-by:        FOXCOMM-MNT
changed:       michael.renner at level3.com 20031104
source:        LEVEL3

route:      216.58.192.0/19
descr:      NET-216-58-192-0-1
origin:     AS15169
remarks:    This route object represents authoritative data retrieved from ARIN's WHOIS service.
remarks:    The original data can be found here: https://whois.arin.net/rest/net/NET-216-58-192-0-1
remarks:    This route object is the result of an automated WHOIS-to-IRR conversion process.
mnt-by:     MAINT-JOB
changed:    job at ntt.net 20120127
source:     ARIN-WHOIS


--- How to avoid?
https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf

I highly recommend that all large ISPs, ASPs, cloud providers, or any critical
infrastructure hosting:
1. Clean up your route objects. Enable RPKI for your route objects.
2. Review filter policy.
3. Review routing policy: announce /24 to all upstreams and peers equally
for your critical infrastructure!


Any other comments are welcome!

Cheers,
Binh
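
An added example, not part of the original post: a small Python check for step 1 (route object clean-up) that parses whois/IRR output like the listing above and reports route objects whose origin is not the AS you expect. The function names and the trimmed sample are constructed here; AS15169 as the expected origin is taken from the Google objects in that output.

```python
# Constructed sample: the five route objects from the post, trimmed to a few attributes.
SAMPLE = """\
route:      216.58.192.0/19
descr:      Spectrum Networks LLC
            Customer proxy registration
origin:     AS30620
source:     RADB

route:      216.58.192.0/19
origin:     AS15169
source:     RADB

route:      216.58.192.0/19
origin:     AS19281
source:     RADB

route:      216.58.192.0/19
origin:     AS19281
source:     LEVEL3

route:      216.58.192.0/19
origin:     AS15169
source:     ARIN-WHOIS
"""

def parse_rpsl(text):
    """Split whois output into objects, folding continuation lines into the previous attribute."""
    objects, cur = [], []
    for line in text.splitlines() + [""]:
        if not line.strip():               # a blank line ends the current object
            if cur:
                objects.append(dict(cur))
            cur = []
        elif line[0] in " \t+" and cur:    # RPSL continuation line
            cur[-1] = (cur[-1][0], cur[-1][1] + " " + line.lstrip("+ \t"))
        elif ":" in line:                  # "key: value"; banner lines like "[rr.ntt.net]" are skipped
            key, _, value = line.partition(":")
            cur.append((key.strip().lower(), value.strip()))
    return objects

def conflicting_origins(objects, expected):
    """Map prefix -> sorted (origin, source) pairs whose origin is not in the expected set."""
    bad = {}
    for o in objects:
        origin = o.get("origin", "").upper()
        if "route" in o and origin not in expected:
            bad.setdefault(o["route"], set()).add((origin, o.get("source", "?")))
    return {prefix: sorted(pairs) for prefix, pairs in bad.items()}
```

Calling `conflicting_origins(parse_rpsl(SAMPLE), {"AS15169"})` lists the three registrations that would need to be removed or corrected by their maintainers.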