someone is using my AS number

Philip_Lavine · June 12, 2019, 4:05pm

What is the procedure to have another party to cease and desist in using my AS number?

Thx

David_Guo · June 12, 2019, 4:10pm

Send abuse complaint to the upstreams

FHR · June 12, 2019, 4:12pm

Contact the offending upstreams.

Filip

Philip_Lavine · June 12, 2019, 4:20pm

yeah I did they are some MSP in India. No help.

Contact the offending upstreams.

Filip

FHR · June 12, 2019, 4:23pm

I would contact upstreams of the upstream then. This is quite a serious offence and they should help you.

Regards,
Filip

f93hbkzsjiihrpm2zn4n · June 12, 2019, 4:24pm

Maybe try contacting the RIR?

Christopher_Morrow · June 12, 2019, 4:24pm

details help here, and perhaps folk who peer with the upstreams can
just reject routes with your as in them... if, you know, we knew what
that was

_Job_Snijders · June 12, 2019, 4:27pm

Can you share more details? Perhaps we can put the human social network to good use.

Other than that this is annoying - are right now operationally impacted?

Kind regards,

Job

Joe_Provo4 · June 12, 2019, 4:37pm

...and then name & shame publicly. AS-path forgery "for TE" was
never a good idea. Sharing the affected prefix[es]/path[s] would
be good.

Carsten_Bormann · June 12, 2019, 4:46pm

Yes, but which of these is more effective?

SCNR

Grüße, Carsten

Matt_Harris · June 12, 2019, 4:53pm

With some upstreams, I wonder if getting Outlook for iOS might not be just as effective as contacting them…

Mehmet_Akcin · June 12, 2019, 4:54pm

What is your ASN?

Philip_Lavine · June 12, 2019, 5:57pm

Here is what I got from BGPMon- MY AS is 15053

Detected new prefix: 134.37.2.0/23
Update time: 2019-06-11 17:58 (UTC)
Detected by #peers: 70
Announced by: AS15053 (ROLL-GLOBAL-LLC - Roll Global LLC, US)
Upstream AS: AS15001 (ITCONVERGENCE-COM - IT Convergence Inc., US)

ASpath: 394256 174 702 25213 25213 25213 15001 15053

I tried contacting the upstream provider and they were no help :
Contact - IT Convergence

[

Contact - IT Convergence

Contact us today to learn more about how your business can benefit by partnering with IT Convergence.

](https://www.itconvergence.com/contact/)

Can you share more details? Perhaps we can put the human social network to good use.

Other than that this is annoying - are right now operationally impacted?

Kind regards,

Job

Toma_Gavrichenkov · June 12, 2019, 6:05pm

Our records show this happened yesterday and lasted before 2019-06-11
20:24:00, for 2.5 hours total. Maybe that was just by accident.

I'm sort of confused why you're speaking of some ISPs in India. The
incident was more or less local to Finland, wasn't it?

_Job_Snijders · June 12, 2019, 6:09pm

Indeed, I do not see this in the our current version of the
Default-Free Zone, so there may not be a problem for us to solve at
this moment.

I think your reaching out to NANOG or other operator forums is the
correct action. Someone is bound to know someone who knows someone who
can help.

Kind regards,

Job

Philip_Lavine · June 12, 2019, 6:10pm

I talked to the upstream provider on AS 1500. I called the telephone number on the abuse record on ARIN and it went to a MSP in India.

FHR · June 12, 2019, 6:15pm

Seems the issue was on AS25213 side. They don’t provide transit to AS15001 at all.

Regards,
Filip

Alejandro_Acosta · June 12, 2019, 7:23pm

Unfortunately RPKI is not useful in this case.

Question: What else could be done to prevent this?

Alejandro,

Arturo_Servin · June 12, 2019, 7:26pm

Proper filtering from the upstream providers.

.as

Valdis_Kletnieks · June 12, 2019, 9:07pm

Does it work better on XE or XR versions?

/ducks