[sg-ops] suspect AWS route leak from AS206776 and leak through Starhub
Cheeyong Tay
tcy at cheeyong.org
Sun Mar 25 22:21:44 SGT 2018
Thanks Alan for posting this into the sgops mailing list. Really like to
see more of such post reaching out to the SG network operator community!
Regards,
Cheeyong
On Sun, Mar 25, 2018 at 12:54 PM, Alan Woo Shian Loong <alan at ne.com.sg>
wrote:
> Hi,
>
> Starhub have fixed the issue.
>
> traceroute to 13.228.161.243 (13.228.161.243), 30 hops max, 60 byte packets
> 1. 203.116.178.1 0.0%
> 11 0.2 0.2 0.2 0.3 0.1
> 2. 203.117.190.73 0.0%
> 11 1.8 1.9 1.8 2.0 0.1
> 3. 203.118.15.241 0.0%
> 11 1.8 1.9 1.6 3.3 0.5
> 4. 203.118.2.30 0.0%
> 11 1.7 1.8 1.6 2.8 0.3
> 5. an-atl-loc11.starhub.net.sg 0.0%
> 11 2.2 2.0 1.9 2.2 0.1
> 6. xe-1-0-0.br001.sgp02.ntt.com.sg 0.0%
> 11 18.8 3.5 1.7 18.8 5.1
> 7. xe-0-5-0-21.r00.sngpsi02.sg.bb.gin.ntt.net 0.0%
> 11 2.2 2.6 2.1 3.7 0.5
> 8. ae-0.r21.sngpsi05.sg.bb.gin.ntt.net 0.0%
> 11 2.3 2.5 2.3 4.4 0.6
> 9. ae-3.r21.sngpsi07.sg.bb.gin.ntt.net 0.0%
> 11 2.1 2.4 2.1 4.4 0.7
> 10. ae-2.r01.sngpsi07.sg.bb.gin.ntt.net 0.0%
> 11 2.4 2.9 2.4 5.0 0.9
> 11. ae-1.a01.sngpsi07.sg.bb.gin.ntt.net 0.0%
> 10 2.7 3.4 2.4 8.1 1.8
> 12. ae-1.amazon.sngpsi07.sg.bb.gin.ntt.net 0.0%
> 10 2.4 3.2 2.4 8.1 1.8
> 13. ???
> 14. ???
> 15. ???
> 16. ???
> 17. 52.93.11.38 0.0%
> 10 3.3 4.4 3.1 14.7 3.6
> 18. 52.93.8.95 0.0%
> 10 3.4 3.7 3.4 5.0 0.5
> 19. 203.83.223.31 0.0%
> 10 3.9 3.7 3.4 5.4 0.6
> 20. ???
>
> Alan Woo
>
> NewMedia Express Pte Ltd
> Mobile: +65 98574266 <+65%209857%204266>
> Office: +65 66368873 <+65%206636%208873>
>
> On Sun, Mar 25, 2018 at 12:18 PM, Alan Woo Shian Loong <alan at ne.com.sg>
> wrote:
>
>> Hi,
>>
>> The following 2 /24 is use by AWS load balancer, and leak from AS206776
>> via Starhub, application connect to the following maybe subject to MITM
>> attack.
>>
>> 13.228.161.0/24
>> 13.250.135.0/24
>>
>> Affected party shall be provider / network using Starhub
>>
>> Traceroute from Starhub
>> traceroute to 13.228.161.243 (13.228.161.243), 30 hops max, 60 byte
>> packets
>> 1 203.116.178.1 (203.116.178.1) 0.198 ms 0.171 ms 0.137 ms
>> 2 203.117.190.73 (203.117.190.73) 3.758 ms 3.731 ms 3.738 ms
>> 3 203.118.15.237 (203.118.15.237) 1.566 ms 203.118.15.241
>> (203.118.15.241) 3.600 ms 203.118.15.237 (203.118.15.237) 3.608 ms
>> 4 203.118.2.26 (203.118.2.26) 3.591 ms 3.618 ms 203.118.2.30
>> (203.118.2.30) 3.568 ms
>> 5 anutli13.starhub.net.sg (203.118.12.42) 3.681 ms
>> anutli13.starhub.net.sg (203.118.12.46) 3.563 ms 3.500 ms
>> 6 histate.telepoint-sofia.nl-ix.net (193.239.118.20) 205.024 ms
>> 205.113 ms 207.147 ms
>> 7 * * *
>> 8 * * *
>> 9 * * *
>> 10 * * *
>>
>> #show ip bgp 13.228.161.243
>> BGP routing table entry for 13.228.161.0/24, version 190199360
>> Paths: (1 available, best #1, table default)
>> 4657 206776 38895
>>
>>
>> Alan Woo
>>
>> NewMedia Express Pte Ltd
>> Mobile: +65 98574266 <+65%209857%204266>
>> Office: +65 66368873 <+65%206636%208873>
>>
>
>
> _______________________________________________
> Sgops mailing list
> Sgops at list.sgnog.net
> http://list.sgnog.net/listinfo/sgops
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.sgnog.net/pipermail/sgops/attachments/20180325/e5fc1d0e/attachment.html>
More information about the Sgops
mailing list