[AusNOG] google potential route hijacked.

Binh Lam ccie12218 at gmail.com
Tue Nov 13 15:53:06 EST 2018


On Tue, Nov 13, 2018 at 3:34 PM Aftab Siddiqui <aftab.siddiqui at gmail.com>
wrote:

> Hi Binh,
> Thanks for sharing this. The most likely issue is NO prefix filtering at
> China Telecom end. Mainone (AS37282) leaked probably everything they
> learned from IXPN (Lagos IXP) Route Server to its direct peer AS4809 (China
> Telecom).
>
> I have presented the status of BOGON announcements, Prefix Hijacks and BGP
> Leaks in last 2 AusNOG events and have seen some improvements as well. BUT
> there is so much to do.
>
>
>> --- How to avoid?
>>
>> https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf
>>
>> I highly recommended all of large ISP, ASP, Cloud Provider, or any
>> critical infrastructure hosting..
>> 1. clean up your route object. enable rpki for your route objects..
>>
>
> AU/NZ status of ROAs is close to ZERO.
>
>
>> 2. review filter policy
>>
> Absolutly and probably automate it if you can
>
>
>> 3. review routing policy.. > announce /24 to all upstreams, peers equally
>> for your critical infrastructure!
>>
> Are you suggesting everyone should deaggregate and announce /24?
>

certainly not suggesting everyone on this planet :-).. just to whom who
provided critical infrastructures (ie, email, DNS hosting, cloud providers,
online banking sites subnets, high profile sensitive online sites , etc..)
by announcing /24 will potentially reduce the risk/impact when the route is
hijacked.. looking at route53.. they are now announce /24, instead of 23 as
an example.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181113/bc02dd2f/attachment.html>


More information about the AusNOG mailing list