
Dear Trevor,
I just got a notification from my data center that someone is trying to hijack the IP of my exit node. Seems like the sort of thing someone might do when trying to attack Tor. I'm in a very remote area with limited access but any suggestions on actions I should take?
====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================
Your prefix: 204.17.32.0/19:
Prefix Description: GBLX-US-BGP
Update time: 2018-05-09 12:11 (UTC)
Detected by #peers: 1
Detected prefix: 204.17.56.42/32
Announced by: AS200005 (Asavie Technologies Limited)
Upstream AS: AS200005 (Asavie Technologies Limited)
ASpath: 200005
I took a look through our BGP data and peering routers, and I didn't see the /32 being announced. I'm not saying it didn't happen, but rather it may not have carried very far. /32 prefix announcements rarely propagate very far. There are still a great many filters in place that restrict announcements more specific than /24 (or /21, or /19, or ...).

It may be the case that this /32 prefix is a null route that leaked out, which we've seen happen somewhat frequently. The most notorious example was an attempted, and unwittingly leaked, null route in Pakistan (/24s, IIRC) that impacted YouTube.

It appears Asavie does a bit of security and networking work, so possibly this is attributable to that?

Be well,
Rabbi Rob.

--
Rabbi Rob Thomas
Team Cymru
"It is easy to believe in freedom of speech for those with whom we agree." - Leo McKern
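An added example, not part of the original message: a small Python triage of the alert quoted above, checking whether the detected prefix is a more-specific of the monitored prefix and whether it is longer than the /24 filter limit the reply mentions. The function names and the `max_len` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Fields copied from the alert quoted in the message above.
ALERT = """\
Your prefix: 204.17.32.0/19
Update time: 2018-05-09 12:11 (UTC)
Detected by #peers: 1
Detected prefix: 204.17.56.42/32
Announced by: AS200005 (Asavie Technologies Limited)
ASpath: 200005
"""

def parse_alert(text):
    """Return the alert's 'Key: value' lines as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(text, max_len=24):
    """Summarise how the detected announcement relates to the monitored prefix.

    max_len is the longest prefix assumed to pass common route filters
    (the reply cites /24 as a typical limit).
    """
    f = parse_alert(text)
    own = ipaddress.ip_network(f["Your prefix"])
    seen = ipaddress.ip_network(f["Detected prefix"], strict=False)
    origin = re.match(r"AS(\d+)", f["Announced by"]).group(1)
    inside = seen.subnet_of(own)
    return {
        "inside_own_prefix": inside,
        # A longer prefix inside ours wins longest-match wherever it is accepted.
        "more_specific": inside and seen.prefixlen > own.prefixlen,
        # Longer than max_len: most networks drop it, so reach is limited.
        "likely_filtered": seen.prefixlen > max_len,
        "origin_as": int(origin),
        # A one-hop AS path means the reporting peer heard it from the origin.
        "origin_is_only_hop": f["ASpath"].split() == [origin],
        "peers": int(f["Detected by #peers"]),
    }

if __name__ == "__main__":
    for key, value in triage(ALERT).items():
        print(f"{key}: {value}")
```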