Re: Netsweeper incident in Mauritius

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Tue, 04 May 2021 10:47:35 -0700


Hi Ish,
At 10:02 AM 04-05-2021, Ish Sookun wrote:
>The communique confirms that Netsweep [1] "directed" Internet Service
>Providers in Mauritius to route the traffic to the server in
>the Netherlands. The traffic was intended to reach two Cloudflare [2] IP
>addresses.
>
>Is it a normal practice for ISPs to accept such BGP advertisements?

Netsweep likely provides a BGP feed for its filtering. It is up to
the network service provider to decide whether to route the traffic
based on that information. The general practice is to configure
filters to prevent network-related problems. It is unusual to
override the routing policy advertised by the network service
provider. 104.27.192.0/20, for example, originates from AS13335
according to Cloudflare. That information can be validated as there
is a Route Origin Authorisation (ROA) for the prefix.

Regards,
S. Moonesamy
Received on Tue May 04 2021 - 17:48:38 PST
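
The origin check mentioned in the message above, written out as RFC 6811 route origin validation. This is an added example, not part of the original message or of any ISP's or vendor's configuration. The prefix and AS13335 come from the message; the ROA maxLength of 20, the documentation ASN 64496 and the sample announcements are constructed for illustration, and real ROA data would come from an RPKI validator.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: object      # ipaddress network object covered by the ROA
    max_length: int     # longest prefix length the ROA authorises
    asn: int            # AS authorised to originate the prefix


# Constructed ROA table: prefix and ASN from the message, maxLength assumed.
ROAS = [ROA(ipaddress.ip_network("104.27.192.0/20"), 20, 13335)]


def validate(prefix, origin_asn, roas=ROAS):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        # A ROA covers the route only if the route equals the ROA prefix
        # or is a more specific prefix inside it.
        if net.version != roa.prefix.version or not net.subnet_of(roa.prefix):
            continue
        covered = True
        # AS0 in a ROA never matches; it marks a prefix as not to be routed.
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no match: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def accepted(announcements, roas=ROAS):
    """Drop 'invalid' routes; keep 'valid' and 'not-found' ones."""
    return [a for a in announcements if validate(a[0], a[1], roas) != "invalid"]


if __name__ == "__main__":
    # Constructed announcements (prefix, origin AS) for illustration.
    feed = [
        ("104.27.192.0/20", 13335),   # authorised origin
        ("104.27.192.0/20", 64496),   # same prefix, other origin
        ("104.27.200.0/24", 64496),   # more specific, other origin
        ("192.0.2.0/24", 64496),      # no covering ROA
    ]
    for prefix, asn in feed:
        print(f"{prefix:18} AS{asn:<6} {validate(prefix, asn)}")
```
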
