Cisco/Level3 takedown

Blake Hudson blake at
Thu Apr 9 15:55:43 UTC 2015

Reading the article, I assumed that perhaps Level 3 was an upstream 
carrier, but RIPE stats shows that the covering prefix ( 
is announced by AS63509, an Indonesian organization. It looks like 
they're fighting back by announcing their own /24 now.

I love the AS's address:
descr:Jl. Marcedes Bens No.258
descr:Gunung Putri, Bogor
descr:Jawa Barat 16964

While a Level 3 /24 announcement will certainly have a world wide 
impact, I agree that it seems misguided when the originating AS can 
announce their own /24. It does make one wonder why Cisco or Level 3 is 
involved, why they feel they have the authority to hijack someone else's 
IP space, and why they didn't go through law enforcement. This is 
especially true for the second netblock (, announced by 
a US company (AS26484).


Sameer Khosla wrote on 4/9/2015 10:31 AM:
> Was just reading then checking my routing tables.
> Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictionary.
> It seems to me that this is something that if they want to do, they should be working with entire service provider community, not just one provider.
> Thanks
> Sameer Khosla
> Managing Director
> Neutral Data Centers Corp.
> Twitter: @skhoslaTO

More information about the NANOG mailing list