question about bogon prefix

• Previous message (by thread): question about bogon prefix
• Next message (by thread): question about bogon prefix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/9/2014 11:00 PM, Song Li wrote:
> Hi everyone,
>
> I found many ISP announced bogon prefix, for example:
>
> OriginAS Announcement Description
> AS7018  172.116.0.0/24    unallocated
> AS209   209.193.112.0/20 unallocated
>
> my question is why the tier1 and other ISP announce these unallocated 
> bogon prefixes, and another interesting question is:
>
You could also ask why are other providers accepting the route, since I 
could announce 209.193.112.0/20 from my router and my upstream would 
reject it.

Of course, those two ASNs have a huge number of routes so they probably 
aren't filtered as closely by their peers.

But.. even if you're hyper diligent and blocking bogon routes, you'll 
need to ask yourself why it's not in the bogon list:

curl -s http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt | 
grep 209.193

It's also not on http://www.cymru.com/BGP/bogons.html but 172.116.0.0/24 is.

Now, according to this:
http://myip.ms/view/ip_addresses/3519115264/209.193.112.0_209.193.112.255

It belongs to the Franciscan Health System.  The one IP that is in DNS 
seems to back this up (it's called mercyvpn.org)

Whois Record created: 04 Jan 2005
Whois Record updated: 24 Feb 2012

My guess is one of two things.  Maybe they renumbered out of the /20 but 
left a VPN server up and haven't managed to migrate off it yet, but they 
have asked to return the block.. or, they forgot to pay their bill to 
ARIN and the block has been removed from whois but Qwest isn't as 
diligent because they're still being paid.

I've CC'd the technical contact listed in the old whois information so 
maybe he can get things corrected.

> If I am ISP, can I announce the same bogon prefix(172.116.0.0/24) with 
> AS7018 announced? Will this result in prefix hijacking?
>
> Thanks!
>
I can find nothing on google that offers any legitimacy for 
172.116.0.0/24, but it is has been announced for 2 years so maybe there 
is some squatters rights at least.  It doesn't appear to be a spam 
source and I don't think any hosts are up on it right now. Maybe it's a 
test route that never got removed.  It makes me sad that nobody at ATT 
reads the CIDR report.  They've only got a couple of bogon announcements 
so it would be trivial for them to either acknowledge them and claim 
legitimacy or clean them up.

• Previous message (by thread): question about bogon prefix
• Next message (by thread): question about bogon prefix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]