Hi all,
Does anyone have a technical or peering contact at Belpak / Beltelecom
(AS 66697) to address
an apparent netblock hijacking issue?
AS6697 is advertising the 2.2.2.0/24 address space which is under
AS3215 management.
We've tried to announce the same prefix but it's difficult to get the
traffic back!
No answer from people listed in the whois, no peeringDB information.
Any suggestions?
Thanks in advance,
Hello Sarah
Seems like they are not advertising it anymore. AS6697 has transit from
Level3 and peering/transit from HE. Both of them show path to AS3215 for
that prefix now.
http://lookingglass.level3.net/
BGP query on all sites seems OK for now.
Also same on results from Oregon as well as HE. Infact HE is taking 1299
5511 3215 ...way longer then direct 6697 if existed. Surely they were
getting wrong announcement as per http://bgp.he.net/net/2.2.2.0/24 - which
is updated once in 24hrs.
So likely issue resolved?
Hi,
Seems like they are not advertising it anymore. AS6697 has transit from
Level3 and peering/transit from HE. Both of them show path to AS3215 for
that prefix now.
Yes, seems that the annoucement stopped yesterday, after 5 days:
Origin AS First Seen Last Seen
AS3215 2012-10-28 17:32:51 UTC 2012-10-30 07:00:20 UTC
AS6697 2012-10-24 09:28:20 UTC 2012-10-29 12:18:10 UTC
AS5396 2012-10-24 09:17:58 UTC 2012-10-24 09:17:58 UTC
Anyway, as we couldn't reach anyone from Belpak, not sure how the
issue was solved. So I think we'll let the 2.2.2.0/24 a few days more
(usually only the 2.2.0.0/16 is advertised by AS3215... but the
2.2.2.0/24 prefix is so often subject to hijacking that we might
permanently add this /24 as well).