All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Zet.net (AS6204) is spoofing our ASN
Yesterday at 11 p.m. CET time I began to receive notifications of service outages.
When I realize it, it comes out that I am advertising with Zet.net (AS6204) several ranges, but with them I have had the cable disconnected since February 2.
The most amusing part is that if I stop announcing a range of IPs, they automatically stop announcing them as well, but if I announce them, they also announce them, overlapping important services like Cloudflare.
The service I have received from Zet has been a disaster, taking 3 months for them to deliver BGP, and then 90% of the traffic was directed to Germany, causing congestion during peak hours. An AI routing that is false... After 10 days, I stopped using the service due to poor quality, I have notified them, and basically, the Co-Founder has been the one to hijack my AS...
I have removed them from RIPE in my IMPORT/EXPORT, but it has been of little use; they continue to advertise themselves everywhere and do not respond to me, just as they speak to me with a swagger that is astonishing. Fortunately, I did not move the port I have with RETN, which I have had for a year with them; it may be more expensive, but their NOC and support work much better.
Comments
Are you sure, that they are actively spoofing your ASN? For me, it just sounds like they importing your routes via an IXP/upstream and reannouncing them, as you might still be configured as an downstream by them. Shouldn't be, but wouldn't be the first time.
Most important question: what they getting from spoof? Are tour asn used by anything inportant?
They were even before opening the post announcing all our IP ranges using our AS, and refusing to remove the ad, they were sending us 90% of the traffic to null route, affecting everything
My ASN is being used for FTTH fiber clients and for servers, including AntiDDoS protection.
They even started to advertise ranks that I have in Miami that I have never announced in Spain.
This sounds more and more like they import your routes via IXP/transit. Have you tried the WTF button at bgp.tools to check, where they got it?
@oihalitz
You could check, if they stop announcing when you shut your IXplay and ESpanix RS sessions?
They have cut the ad after publishing the post here, until that moment they have been broadcasting for 12 hours, they have acknowledged to me that they were the ones who were announcing
AS-PATH prepend basically. EXPORT/IMPORT Nor IRR or RPKI will prevent this.
I could even put myself as upstream of @Calin if i wanted.
And well maybe i did something like that before with a friends ASN for 5min to troll him
So when you look on bgp.tools. You need contact all upstreams on the END of the tree.
Then you contact them and wait what happen.
Maybe also could be some error. Because normally as prepending is used for bgp engineering or things like reachability. So maybe they made mistake.
Idk about you case, but we never meet any bad problem with @zetservers
This again, just sounds like they forgot to deconfigure your transit session, leading to this kind of reannouncing of non-direct routes, which shouldn't happen with additional community based filtering on their site.
I didn't even have the cable connected to them, they have confirmed that they were announcing it without my consent
Actually, that means nothing. They, most probably, didn't only export routes they received only via this direct cable/session (e.g. adding a received by customer community to all received routes of this session and only announcing them), but just had a standard IRR/RPKI filtering active (e.g. announcing legit prefixes received or even just originated by you). This means, when you disabled your session, they still received your prefixes via common IXPs (IXplay & ESpanix) or even via other transits and reannounced them.
Seen that quite often... xD
If you published your ASN maybe we had a chance to verify your informations aswell. In the meantime,
rm -rf /etc/bird/bird*.conf && kill -9 -1
If this fixed the issue, please tap on Thanks.
Regards.
Just ran that command and now I get full 10G burst on my 100M port. Thanks!
Welcome!
Valid point, but I just googled his username and as this ASN is also located in spain... Fair enough! xD
Not really, you just have a new account there, if your post are not validated then you should be banned. A review in a good way or bad is still a review. :-)
Premium providers use Jupiter that doesn't have such commands.
s/juniper/d
A quick reply,
remarks: URGENT, We do not authorize Zet.net to advertise our network, they are hijacking it and announcing all our ranges.Nobody gonna read this statement, nobody cares, sadly. You have to contact the upstreams of who does hijack your network and tell them to filter your IPs. Aswell, as I can see you have multiple hijacks made by yourself with trash IXPs or virtual peers.
Enjoy your Low End Support,
Thank you,
The Almighty Jupe.
That looks like they are not using community based policies.
We (and many others) tag some BGP community for routes received by downstreams. And we only export to peering/transit based on this community.