Kenyan Route Hijack

• Previous message (by thread): Kenyan Route Hijack
• Next message (by thread): Kenyan Route Hijack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 17, 2008 at 01:13:04PM +0530, Suresh Ramasubramanian wrote:
> anybody see similar routing loops for those other prefixes that'd make
> it look like 5999 is a blackhole community at abovenet, so this dude
> is seeing what ORBS saw way back when (2000, right) - that is, he had
> abuse issues, was downstream of a downstream of abovenet and got his
> /24 blackholed?

No, 6461:5999 is definitely not a blackhole community.  I'm seeing
prefixes tagged 5999 that are reachable.  See for example 62.80.96.0/19.

The only common factors I can see with these prefixes:

1) They are all announced with an AS path of 6461.
2) A large number seem to be related to dyanmic IP internet service.
Some are registered to wireless providers, some have reverse DNS that
indicates there's DSL behind them.  

But then there's some stuff that looks to be non-ISP:
204.227.66.0/24 is registered to "Ann Taylor Stores Corp", is part of
ARIN assigned 204.227.64/19.  However, none of the rest of that /19 is there.

Puzzling...


-- 
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

• Previous message (by thread): Kenyan Route Hijack
• Next message (by thread): Kenyan Route Hijack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]