Cisco/Level3 takedown
Blake Hudson
blake at ispn.net
Thu Apr 9 15:55:43 UTC 2015
Reading the article, I assumed that perhaps Level 3 was an upstream
carrier, but RIPE stats shows that the covering prefix (103.41.120.0/22)
is announced by AS63509, an Indonesian organization. It looks like
they're fighting back by announcing their own /24 now.
I love the AS's address:
descr:Jl. Marcedes Bens No.258
descr:Gunung Putri, Bogor
descr:Jawa Barat 16964
country:ID
While a Level 3 /24 announcement will certainly have a world wide
impact, I agree that it seems misguided when the originating AS can
announce their own /24. It does make one wonder why Cisco or Level 3 is
involved, why they feel they have the authority to hijack someone else's
IP space, and why they didn't go through law enforcement. This is
especially true for the second netblock (43.255.190.0/23), announced by
a US company (AS26484).
--Blake
Sameer Khosla wrote on 4/9/2015 10:31 AM:
> Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables.
>
> Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictionary.
>
> It seems to me that this is something that if they want to do, they should be working with entire service provider community, not just one provider.
>
>
> Thanks
>
> Sameer Khosla
> Managing Director
> Neutral Data Centers Corp.
> Twitter: @skhoslaTO
>
>
More information about the NANOG
mailing list