Suspecious anycast prefixes
joey.liuyq at gmail.com
Thu May 5 14:36:50 UTC 2011
On Thu, May 5, 2011 at 3:54 AM, Joe Abley <jabley at hopcount.ca> wrote:
> On 2011-05-05, at 11:46, bmanning at vacation.karoshi.com wrote:
>> On Wed, May 04, 2011 at 10:23:12PM -0500, Yaoqing(Joey) Liu wrote:
>>> AS4555:ASName: EP0-BLK-ASNBLOCK-5;OrgName:Almond Oil Process, LLC.
>>> AS9584:as-name:GENESIS-AP|descr:Diyixian.com Limited|country:HK
>>> AS20144:ASName: L-ROOT;Comment:distributed using Anycast.
>>> AS42909: as-name: COMMUNITYDNS;descr: Internet
>>> Computer Bureau Ltd
>> according to Filip, this is -NOT- supposed to be
>> anycast. the only legal origin ASN is 4555.
>> these other ASNs have hijacked the prefix.
> The source data above may be old, or simply wrong -- I don't see *any* AS originating that prefix right now, and I can confirm specifically AS20144 is not configured to originate it.
This is based on last four year's data(2007-2010)collected from more
than 120 peers around the world. Today it may be not announced
anymore, but it used to be announced by the four ASNs simultaneously.
I just checked the detailed info about this prefix, here it is about
(ASN: average peers announcing this prefix:existing period:total
appearing days: MOAS period: total appearing days)
MY source data
> Perhaps I'm misunderstanding the original question, but the assertion that anybody is hijacking that particular prefix seems false.
This needs to do further analysis to confirm if it was hijacked
More information about the NANOG