OVHcloud Network Status
Current status
Legend
- Operational
- Degraded performance
- Partial Outage
- Major Outage
- Under maintenance
FS#10637 — bgp hijack 198.50.175.0/24
Incident
Report for Network & Infrastructure
Resolved
AS13489 has illegally published (or spoofed) one of our /24s on our network.
inet.0: 489105 destinations, 1592848 routes (489053 active, 0 holddown, 134 hidden)
+ = Active Route, - = Last Active, * = Both
198.50.175.0/24 *[BGP/170] 00:15:58, MED 200, localpref 3200, from 83.167.56.18
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:54, MED 200, localpref 3200, from 83.167.56.20
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:16:00, MED 200, localpref 3200, from 83.167.56.6
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:44, MED 200, localpref 3200, from 83.167.56.3
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:56, MED 200, localpref 3200, from 83.167.56.5
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:47, MED 200, localpref 3200, from 83.167.56.4
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 2d 19:43:12, MED 200, localpref 3200, from 83.167.56.9
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 4d 06:50:01, MED 200, localpref 3200, from 83.167.56.15
AS path: 13489 I
> to 83.167.56.240 via ge-0/0/0.0
Update(s):
Date: 2014-04-15 08:08:36 UTC
We have contacted them and they have ceased to publish it.
A /24 was taking a lot of DDoS. Our VAC anti-DDoS system is
working perfectly and the attackers are not able to bring down
our client. It's likely to be another form of attack but
that would be on a different scale...
inet.0: 489105 destinations, 1592848 routes (489053 active, 0 holddown, 134 hidden)
+ = Active Route, - = Last Active, * = Both
198.50.175.0/24 *[BGP/170] 00:15:58, MED 200, localpref 3200, from 83.167.56.18
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:54, MED 200, localpref 3200, from 83.167.56.20
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:16:00, MED 200, localpref 3200, from 83.167.56.6
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:44, MED 200, localpref 3200, from 83.167.56.3
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:56, MED 200, localpref 3200, from 83.167.56.5
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 00:15:47, MED 200, localpref 3200, from 83.167.56.4
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 2d 19:43:12, MED 200, localpref 3200, from 83.167.56.9
AS path: 16276 I
> to 83.167.56.240 via ge-0/0/0.0
[BGP/170] 4d 06:50:01, MED 200, localpref 3200, from 83.167.56.15
AS path: 13489 I
> to 83.167.56.240 via ge-0/0/0.0
Update(s):
Date: 2014-04-15 08:08:36 UTC
We have contacted them and they have ceased to publish it.
A /24 was taking a lot of DDoS. Our VAC anti-DDoS system is
working perfectly and the attackers are not able to bring down
our client. It's likely to be another form of attack but
that would be on a different scale...