Anomalies with AS13214 ?
Sharlon R. Carty
me at sharloncarty.net
Tue Jul 28 08:45:28 CDT 2009
Isn't this the second time that AS13214 seemed to have made a "unintentional
On Mon, May 11, 2009 at 3:05 PM, Ricardo Oliveira <rveloso at cs.ucla.edu>wrote:
> Hi all,
> First, thanks for using Cyclops, and thanks for all the Cyclops users that
> drop me a message about this.
> It seems some router in AS13214 decided to originate all the prefixes and
> send them to AS48285 in the Caymans, all the ASPATHs are 48285 13214.
> The first announcement was on 2009-05-11 11:03:11 UTC and last on
> 2009-05-11 12:16:32 UTC, there were 266,289 prefixes leaked (they were
> withdrawn afterwards)
> As indicated in the Cyclops alerts, only a single monitor(AS48285) in
> route-views4 detected this leak. I checked on other neighbors of AS13214 and
> they seem fine, so it seems it was only a single router issue.
> This incident shows the advantage of having a wide set of peers for
> detection, it seems Cyclops was the only tool to detect this incident. Given
> the amount of banks and financial institutions in the Caymans, i would
> otherwise have raised a red flag, but it seems this case was an
> unintentional misconfig by AS13214.
> Would appreciate any further comment on the tool, and happy cyclopying!
> the Cyclops guy
> On May 11, 2009, at 8:30 AM, Jay Hennigan wrote:
> We're getting cyclops alerts that AS13214 is advertising itself as
>> origin for all of our prefixes. Their anomaly report shows thousands of
>> prefixes originating there.
>> Anyone else seeing evidence of this or being affected?
>>  http://cyclops.cs.ucla.edu/
>> Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
>> Impulse Internet Service - http://www.impulse.net/
>> Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the NANOG