odd hijack

Josh Karlin karlinjf at cs.unm.edu
Fri Nov 10 00:46:45 UTC 2006


I recently brought up a prefix hijack that the NANOG community solved,
the AS had accidentally started announcing their bogon list.

Here is one that is somewhat the opposite, the AS announced a
significant portion of IANA allocated space.  Note, they are large
blocks and as such probably did not cause much damage because most
networks announce more specifics.  My question to the community is,
what kind of misconfiguration could cause this set of prefixes to be
announced?   I asked the AS responsible, but have not had a response.

If you would like more information on the hijack, please see the
Internet Alert Registry forums at http://cs.unm.edu/~karlinjf/IAR/

Following are the AS's announced prefixes during the ~10 minute hijack
from earlier today:

11.0.0.0/8
12.0.0.0/7
121.0.0.0/8
122.0.0.0/7
124.0.0.0/7
126.0.0.0/8
128.0.0.0/3
15.0.0.0/8
151.99.190.0/24
16.0.0.0/6
160.0.0.0/5
168.0.0.0/6
172.0.0.0/8
188.0.0.0/8
189.0.0.0/8
190.0.0.0/8
191.0.0.0/8
192.0.0.0/8
193.0.0.0/8
194.0.0.0/7
196.0.0.0/8
198.0.0.0/8
199.0.0.0/8
20.0.0.0/7
200.0.0.0/8
201.0.0.0/8
202.0.0.0/7
204.0.0.0/7
206.0.0.0/7
208.0.0.0/8
209.0.0.0/8
210.0.0.0/7
210.170.0.0/18
212.0.0.0/7
214.0.0.0/7
216.0.0.0/8
217.0.0.0/8
218.0.0.0/7
22.0.0.0/8
220.0.0.0/7
222.0.0.0/8
24.0.0.0/8
25.0.0.0/8
26.0.0.0/8
28.0.0.0/7
30.0.0.0/8
32.0.0.0/6
32.1.21.168/32
38.0.0.0/8
40.0.0.0/8
41.0.0.0/8
43.0.0.0/8
44.0.0.0/6
48.0.0.0/6
56.0.0.0/7
58.0.0.0/8
59.0.0.0/8
6.0.0.0/8
60.0.0.0/7
62.0.0.0/8
63.0.0.0/8
64.0.0.0/5
72.0.0.0/7
74.0.0.0/7
76.0.0.0/8
77.0.0.0/8
78.0.0.0/7
8.0.0.0/7
80.0.0.0/7
82.0.0.0/8
82.143.0.0/18
82.143.0.0/20
82.143.0.0/21
82.143.10.0/23
82.143.12.0/24
82.143.16.0/20
82.143.32.0/19
82.143.32.0/24
82.143.33.0/25
82.143.8.0/23
83.0.0.0/8
84.0.0.0/6
88.0.0.0/7
90.0.0.0/8
91.0.0.0/8
96.0.0.0/6


Thanks,

Josh



More information about the NANOG mailing list