Cisco BGPmon

@bgpmon

BGPmon is now Part of CrossworkCloud a Service that Provides Internet BGP Event and Signature Detection

crosswork.cisco.com
Joined June 2010
131 Photos and videos Photos and videos

Tweets

You blocked @bgpmon

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @bgpmon

  1. Retweeted
    29 Sep 2020

    hearing from various folks about a bgp hijack incident by Telstra..

    There is an ongoing BGP hijacking incident impacting the ProtonMail network. Connectivity to Proton services is being impacted. is announcing our 185.70.40.0/24 subnet without authorization.
    Show this thread
    5 replies 36 retweets 19 likes
    Show this thread
    Show this thread
    Undo
  2. Retweeted
    18 Aug 2020

    600 new Google ROAs! That's exciting! great work!

    13 retweets 34 likes
    Undo
  3. Retweeted
    14 Jun 2020

    Important goal: improved routing security.

    7 replies 25 retweets 68 likes
    Undo
  4. Retweeted
    5 Apr 2020

    For what it's worth: I don't think they intended to announce this to the rest of the world (hijack). What we saw here, by accident, is that they treat these (new more specific) prefixes special inside their network. Likely for some kind of "Traffic Engineering" reason.

    Earlier this week there was a large scale BGP hijack incident involving AS12389 (Rostelecom) affecting over 8,000 prefixes. Many examples were just posted on , see for example this example for
    2 replies 25 retweets 46 likes
    Undo
  5. Retweeted
    5 Apr 2020

    Not the first time we see this for Rostelecom. A few years ago, I observed a similar incident, involving the networks of many financial companies.

    Earlier this week there was a large scale BGP hijack incident involving AS12389 (Rostelecom) affecting over 8,000 prefixes. Many examples were just posted on , see for example this example for
    2 replies 18 retweets 49 likes
    Undo
  6. 5 Apr 2020

    Earlier this week there was a large scale BGP hijack incident involving AS12389 (Rostelecom) affecting over 8,000 prefixes. Many examples were just posted on , see for example this example for

    6 replies 227 retweets 319 likes
    Undo
  7. Retweeted
    2 Apr 2020

    There was a major hijack event yesterday, involving many (thousands) new more specific prefixes. The hijacker was 12389 (Rostelecom) the largest Russian ISP. Affecting most of your favorite cloud providers and CDNs

    8 replies 79 retweets 132 likes
    Undo
  8. 17 Nov 2019

    Major Internet outages in Iran continues today. This is an example of the BGP routes visible for the "Iran Cell Service and Communication Company (AS44244)" network. As well as observed network traffic from Iran Cell. Note the clear drop at ~ 15:00 UTC Nov 16 in both graphs.

    1 reply 39 retweets 41 likes
    Undo
  9. 1 Jul 2019

    Operating BGP: “It’s more like an 18th-century Royal Navy frigate. There’s a lot of running around and screaming and shouting and pulling on ropes to try to get things going in the right direction.”

    1 reply 27 retweets 35 likes
    Undo
  10. Retweeted
    26 Jun 2019

    The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday

    5 replies 214 retweets 353 likes
    Undo
  11. Retweeted
    24 Jun 2019

    Quick write-up on today's widespread Internet outage: This appears to me as a multi-organisational catastrophic failure in both process and technologies.

    4 replies 85 retweets 118 likes
    Undo
  12. 24 Jun 2019

    Actually looks like the end time was 12:37 UTC

    10 retweets 14 likes
    Show this thread
    Show this thread
    Undo
  13. 24 Jun 2019

    Many of the prefixes we new more specifics, indicating this was likely a BGP optimizer leaking routes which were then leaked to and accepted by Verizon. This caused outages for many networks including Cloudflare and Facebook, Amazon, and many more

    3 replies 46 retweets 70 likes
    Show this thread
    Show this thread
    Undo
  14. 24 Jun 2019

    we can confirm that earlier today there was a large BGP incident, causing 20k prefixes for 2400 network to be rerouted through AS396531 (a steel plant). and then on to its transit provider: Verizon (AS701) Start time: 10:34:21 (UTC) End time: 13:26:07 (UTC)

    16 replies 361 retweets 446 likes
    Show this thread
    Show this thread
    Undo
  15. Retweeted
    24 Jun 2019

    Here's what an example alert for looked like (using my personal bgpmon test account)

    1 reply 11 retweets 24 likes
    Show this thread
    Show this thread
    Undo
  16. Retweeted
    24 Jun 2019

    Quick dumps through the data, showing about 2400 ASns (networks) affected. Cloudflare being hit the hardest. Top 20 of affected ASns below

    2 replies 30 retweets 37 likes
    Show this thread
    Show this thread
    Undo
  17. Retweeted
    24 Jun 2019

    doing some more digging. For now looking at a debug bgpmon account i have with various popular prefixes. Seeing 'BGP MITM' / 'route leak' alerts for at least many cloudflare prefixes and by the looks of it Facebook as well. 2 examples below:

    3 replies 24 retweets 42 likes
    Show this thread
    Show this thread
    Undo
  18. Retweeted
    24 Jun 2019

    wow waking up to some BGP madness! Looks like many (all) of AS 13335 prefixes are being rerouted through AS396531 (Allegheny Technologies) and Verizon AS701 is providing that transit via that path! Ugh not good! will dig more ...

    8 replies 125 retweets 227 likes
    Show this thread
    Show this thread
    Undo
  19. 10 Mar 2019

    Major dip in traffic from Venezuela over the last few days. Big dip started at March 7, 20:55 UTC. Still ongoing.

    3 replies 71 retweets 75 likes
    Undo
  20. 16 Feb 2019

    We are now using as our ROA validator. Thanks for the new CSV export feature and team!

    1 reply 19 retweets 53 likes
    Undo

@bgpmon hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·