Low-numbered ASes being hijacked? [Re: BGP Update Report]

• Previous message (by thread): Low-numbered ASes being hijacked? [Re: BGP Update Report]
• Next message (by thread): Low-numbered ASes being hijacked? [Re: BGP Update Report]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm currently looking into AS3 in an attempt to figure out what's going on.

Always interested to hear what others have found out.

Cheers,
Harry

On Nov 30, 2014 8:57 AM, Simon Leinen <simon.leinen at switch.ch> wrote:
>
> cidr-report  writes: 
> > BGP Update Report 
> > Interval: 20-Nov-14 -to- 27-Nov-14 (7 days) 
> > Observation Point: BGP Peering with AS131072 
>
> > TOP 20 Unstable Origin AS 
> > Rank ASN                Upds     %  Upds/Pfx    AS-Name 
> [...] 
> > 11 - AS5               38861  0.6%       7.0 -- SYMBOLICS - Symbolics, Inc.,US 
>
> Disappointing to see Symbolics (AS5) on this list.  I would expect these 
> Lisp Machines to have very stable BGP implementations, especially given 
> the leisurely release rhythm for Genera for the past few decades.  Has 
> the size of the IPv4 unicast table started triggering global GCs? 
>
> Seriously, all these low-numbered ASes in the report look fishy.  I 
> would have liked this to be an artifact of the reporting software (maybe 
> an issue with 4-byte ASes?), but I do see some strange paths in the BGP 
> table that make it look like (accidental or malicious) hi-hacking of 
> these low-numbered ASes. 
>
> Now the fact that these AS numbers are low makes me curious.  If I 
> wanted to hijack other folks' ASes deliberately, I would probably avoid 
> such numbers because they stand out.  Maybe these are just non-standard 
> "private-use" ASes that are leaked? 
>
> Some suspicious paths I'm seeing right now: 
>
>   133439 5 
>   197945 4 
>
> Hm, maybe 32-bit ASes do have something to do with this... 
>
> Any ideas? 
> -- 
> Simon. (Just curious) 
>
> [...] 
> > 17 - AS3               30043  0.4%    3185.0 -- MIT-GATEWAYS - Massachusetts Institute of Technology,US 
> [...] 
>
> > TOP 20 Unstable Origin AS (Updates per announced prefix) 
> > Rank ASN                Upds     %  Upds/Pfx    AS-Name 
> [...] 
> > 13 - AS5               38861  0.6%       7.0 -- SYMBOLICS - Symbolics, Inc.,US 
> [...] 
> > 15 - AS4               21237  0.3%     871.0 -- ISI-AS - University of Southern California,US 
> [...] 
> > 19 - AS4                5345  0.1%    1437.0 -- ISI-AS - University of Southern California,US 
> > 20 - AS4                8784  0.1%    2303.0 -- ISI-AS - University of Southern California,US 

• Previous message (by thread): Low-numbered ASes being hijacked? [Re: BGP Update Report]
• Next message (by thread): Low-numbered ASes being hijacked? [Re: BGP Update Report]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]