Re: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509)

2022-08-30 Thread borg
Yeah, ARDC sold part of it to Amazon. I doubt they even had the right to do
so, due to 44/8 being a legacy IP range.. ARIN allowed it.. All too shady.

Anyway, according to AMPRnet that range was unallocated, so no active
radio ham networks were at that range, so I doubt it was someone
from AMPRnet. Getting parts of 44/8 reannounced by a different gw
than ucsd.edu is not that easy after all.

-- Original message --

From: Ellenor Agnes Bjornsdottir 
To: nanog@nanog.org
Subject: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards
AS16509)
Date: Tue, 30 Aug 2022 04:13:24 +

Wasn't 44/8 the space for AMPRNet?

I looked it up and they sold part of it to Amazon. Ok. Got it.

Possible that a potential hijack could be a good faith radio ham who
hasn't somehow been updated on the sale of that space? Or more likely to
be a malicious hijack?

On 8/23/22 02:05, Siyuan Miao wrote:
> Amazon was only announcing 44.224.0.0/11 at first.
> 
> https://bgp.tools/prefix/44.235.216.0/24
> 
> On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette wrote:
> 
> Siyuan Miao wrote:
> 
> >Hijacking didn't last too long. AWS started announcing a more specific
> >announcement to prevent hijacking around 3 hours later. Kudos to Amazon's
> >security team :-)
> 
> Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24, then
> how did AWS propagate a "more specific" than that?
> 
> 
> Regards,
> rfg
> 
> --
> 
> To unsubscribe from this mailing list, get a password reminder, or
> change your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
> 


Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509)

2022-08-29 Thread Ellenor Agnes Bjornsdottir

Wasn't 44/8 the space for AMPRNet?

I looked it up and they sold part of it to Amazon. Ok. Got it.

Possible that a potential hijack could be a good faith radio ham who
hasn't somehow been updated on the sale of that space? Or more likely to
be a malicious hijack?

On 8/23/22 02:05, Siyuan Miao wrote:

Amazon was only announcing 44.224.0.0/11 at first.

https://bgp.tools/prefix/44.235.216.0/24

On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette wrote:

Siyuan Miao wrote:

>Hijacking didn't last too long. AWS started announcing a more specific
>announcement to prevent hijacking around 3 hours later. Kudos to Amazon's
>security team :-)

Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24, then
how did AWS propagate a "more specific" than that?


Regards,
rfg

--

To unsubscribe from this mailing list, get a password reminder, or
change your subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
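
Added example, not part of the thread and not any participant's code: a small monitor showing why a /24 inside 44.224.0.0/11 captures traffic while only the /11 is announced, and what changes once the owner announces the same /24. The route tables are constructed, and AS64500 is a documentation ASN standing in for the unexpected origin, which the thread does not name.

```python
import ipaddress

# From the thread: AS16509 (Amazon) announcing 44.224.0.0/11.
EXPECTED = {ipaddress.ip_network("44.224.0.0/11"): 16509}

# Constructed route views. AS64500 is a documentation ASN standing in for
# the unexpected origin, which the thread does not name.
BEFORE = [("44.224.0.0/11", 16509), ("44.235.216.0/24", 64500)]
AFTER = BEFORE + [("44.235.216.0/24", 16509)]  # owner announces the same /24


def classify(prefix, origin_as, expected=EXPECTED):
    """Label one observed announcement against the expected origins."""
    net = ipaddress.ip_network(prefix)
    for covering, asn in expected.items():
        if net.version == covering.version and net.subnet_of(covering):
            if origin_as == asn:
                return "ok"
            return "origin-hijack" if net == covering else "subprefix-hijack"
    return "unmonitored"


def candidates(dest, table):
    """Longest-prefix match: the winning prefix and every origin offering it."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), o) for p, o in table]
    hits = [(n, o) for n, o in hits if addr in n]
    if not hits:
        return None, []
    longest = max(n.prefixlen for n, _ in hits)
    winners = [(n, o) for n, o in hits if n.prefixlen == longest]
    return str(winners[0][0]), sorted({o for _, o in winners})


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        alerts = [(p, o) for p, o in table if classify(p, o).endswith("hijack")]
        print(name, candidates("44.235.216.10", table), "alerts:", alerts)
```

Once both origins offer the same /24, prefix length no longer decides the outcome; each router falls back to its normal BGP path selection between the two, so the alert on the unexpected origin still matters after the owner's announcement.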