HIJACKED: 220.127.116.11/16 -- WTF? Level3 is now doing IP hijacking??
ttauber at 1-4-5.net
Thu Mar 31 10:33:25 CDT 2011
I don't believe this record indicates that Level3 proxy registered the route
It means that someone used the DBANK-MNT maintainer ID in the Level3 RR to
enter a route object 18 months ago.
It looks like Level3 is originating the route in AS3356, not accepting it
from AS13767 (which is what the object would suggest to do.)
Oops, looks like the route is now gone. Guess it got cleaned.
On Thu, Mar 31, 2011 at 5:49 AM, Christopher Morrow <morrowc.lists at gmail.com
> I forgot:
> $ whois -h whois.radb.net 18.104.22.168
> route: 22.214.171.124/16
> descr: /16 for Celanese
> origin: AS13767
> mnt-by: DBANK-MNT
> changed: jpope at databank.com 20090818
> source: LEVEL3
> (this means l3 proxy'd in the record, I think... maybe an L3 person
> can speak to this bit?)
> > -chris
> > (being able to validate 'ownership', really authorization to route,
> > automatically will sure be nice, eh?)
More information about the NANOG