On Tue, Jan 2, 2018 at 9:51 PM, James Milko <jmi...@gmail.com> wrote:
> The output I dumped was from route-views.routeviews.org. On affected > prefes you get 7843->6453->nothing unaffected prefixes get > 7843->6453->15169. Unaffected prefixes don't have more specifics from > 10512. My sample size is only 8 though with a mix of affected and > unaffected users. > > sadly I'm guessing that the peers of 203040 need to clamp down their prefix filters :( (since I see no data in radb, ripe, arin-rr for AS10512 ... I think their prefix-list should be zero length?) > JM > > On Tue, Jan 2, 2018 at 9:30 PM, Christopher Morrow < > morrowc.li...@gmail.com> wrote: > >> it looks like 203040 is a pure transit as (no originated prefixes) and >> 1103 - surfnet could squish what is your view anyway. >> >> On Tue, Jan 2, 2018 at 9:29 PM, Christopher Morrow < >> morrowc.li...@gmail.com> wrote: >> >>> >>> >>> On Tue, Jan 2, 2018 at 8:50 PM, James Milko <jmi...@gmail.com> wrote: >>> >>>> Not sure if anyone from Spectrum is looking here at this hour, but >>>> someone >>>> is hijacking a few of your prefixes. It's causing problems in my area >>>> (NC) >>>> with reaching Google services. I'm sure there are other impacts, but >>>> that's what people are noticing. >>>> >>>> Sorry if this hits the list twice, I sent it from the wrong e-mail >>>> address >>>> the first go round. >>>> >>>> * 107.12.0.0/16 193.0.0.56 0 3333 >>>> 1103 >>>> 203040 10512 i >>>> *> 103.247.3.45 0 58511 >>>> 203040 >>>> 10512 i >>>> * 107.13.0.0/16 193.0.0.56 0 3333 >>>> 1103 >>>> 203040 10512 i >>>> *> 103.247.3.45 0 58511 >>>> 203040 >>>> 10512 i >>>> * 107.14.0.0/16 193.0.0.56 0 3333 >>>> 1103 >>>> 203040 10512 i >>>> Network Next Hop Metric LocPrf Weight Path >>>> *> 103.247.3.45 0 58511 >>>> 203040 >>>> 10512 i >>>> * 107.15.0.0/16 193.0.0.56 0 3333 >>>> 1103 >>>> 203040 10512 i >>>> * 103.247.3.45 0 58511 >>>> 203040 >>>> 10512 i >>>> >>> >>> E-Forex you say? shocker: >>> >>> AS | BGP IPv4 Prefix | AS Name >>> 10512 | 102.164.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 102.194.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 103.116.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 106.128.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 106.129.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 106.130.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 106.131.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 107.12.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 107.13.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 107.14.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 107.15.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 14.5.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 147.17.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 180.237.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.183.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.185.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.186.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.187.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.188.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.189.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.190.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.191.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.192.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.193.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.194.0.0/16 | EFOREX-AS - E-FOREX, US >>> 10512 | 42.195.0.0/16 | EFOREX-AS - E-FOREX, US >>> >>> I'm going to guess they are hijacking a bunch of space and sending spam? >>> (the 42/8 space is variously telecom malaysia and china unicom) >>> the 102 space is un-allocated afrnic space... probably no good these >>> folk are up to. >>> >>> >> >