RPKI

• Previous message (by thread): Fwd: Call for Presentations RIPE 69
• Next message (by thread): Time Warner outage?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

With Daniele Iamartino, we are validating BGP routes with the objects stored in the RPKI.

On 2014/07/26, for the routes at the LINX RouteViews monitor, we observe the following set of prefixes that are announced both with the correct origin AS and a wrong origin AS. There are very few of them. 
We believe they could be anycast where there is no ROA for some origin ASs or they could be misconfiguration/attacks.

RIB Dump time: 2014/08/26 08:00 UTC

prefix,valid AS,invalid AS
5.128.0.0/14,31200,50923
37.19.8.0/21,49964,198585
94.199.232.0/21,49413,5089
179.61.194.0/23,61440,37692
190.94.182.0/24,262195,18678
193.42.215.0/24,30880,50827
193.227.174.0/24,9051,24634
195.69.144.0/22,1200,41313
200.35.183.0/24,26617,27742
213.192.242.0/23,8903,12541
217.113.242.0/24,197860,20721
217.113.244.0/24,197860,20721
217.113.245.0/24,20721,197860
2a02:2928::/32,39288,197530

Prefixes containing private AS numbers

prefix,valid AS,invalid AS
176.56.192.0/19,8426,65489
185.36.76.0/22,8426,65489
194.45.46.0/24,286,64951
2a00:fd00::/32,29695,65026


Any feedback is welcome,

Cristel

• Previous message (by thread): Fwd: Call for Presentations RIPE 69
• Next message (by thread): Time Warner outage?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]