IPv4 and IPv6 hijacking by AS 6
Anurag Bhatia
me at anuragbhatia.com
Fri Apr 13 02:25:36 UTC 2018
Similar for AS2.
A view from Oregon Route-views for AS2 related paths:
* 43.227.224.0/24 208.51.134.254 0 0 3549 3356
6453 4755 133711 133711 133711 2 i
* 103.197.104.1 0 134708 6453
4755 133711 133711 133711 2 i
* 212.66.96.126 0 20912 174
6453 4755 133711 133711 133711 2 i
* 217.192.89.50 0 3303 6453
4755 133711 133711 133711 2 i
* 203.62.252.83 0 1221 4637
6453 4755 133711 133711 133711 2 i
* 43.227.225.0/24 208.51.134.254 0 0 3549 3356
6453 4755 133711 133711 133711 2 i
* 103.197.104.1 0 134708 6453
4755 133711 133711 133711 2 i
* 212.66.96.126 0 20912 174
6453 4755 133711 133711 133711 2 i
* 217.192.89.50 0 3303 6453
4755 133711 133711 133711 2 i
* 203.62.252.83 0 1221 4637
6453 4755 133711 133711 133711 2 i
* 91.143.144.0/20 208.51.134.254 0 0 3549 3356
12389 41837 41837 2 i
* 212.66.96.126 0 20912 1267
12389 41837 41837 2 i
* 37.139.139.0 0 57866 6762
12389 41837 41837 2 i
* 195.208.112.161 0 3277 3267
12389 41837 41837 2 i
* 93.104.209.174 0 58901 51167
3356 12389 41837 41837 2 i
* 193.0.0.56 0 3333 1103
12389 41837 41837 2 i
* 103.63.234.0/24 208.51.134.254 0 0 3549 3356
2914 132602 58715 55406 2 134403 i
* 212.66.96.126 0 20912 174
132602 58715 55406 2 65501 134403 i
* 134.222.87.1 650 0 286 6762
132602 58715 55406 2 134403 i
* 194.85.40.15 0 0 3267 174
132602 58715 55406 2 65501 134403 i
* 12.0.1.63 0 7018 2914
132602 58715 55406 2 134403 i
* 37.139.139.0 0 57866 6762
132602 58715 55406 2 134403 i
(and lot more!)
On Fri, Apr 13, 2018 at 12:31 AM, Job Snijders <job at instituut.net> wrote:
> On Thu, 12 Apr 2018 at 11:52, Matt Harris <matt at netfire.net> wrote:
>
> > On Thu, Apr 12, 2018 at 12:05 PM, <lists at as23738.net> wrote:
> >
> > > Have you tried their IRR entries? Bull appears to redirect to Atos now
> > > (site-wise).
> > >
> > > notify: ed.gienko at atos.net
> > > notify: charlie.molnar at atos.net
> > > changed: christophe.fraule at atos.net 20180117 #18:47:40Z
> > >
> >
> > I'm now in touch with Christophe; it looks as though perhaps there's a
> > separate, rogue AS 6 running around with a different set of
> peers/transits,
> > as he was able to confirm that none of his gear is advertising these
> > prefixes.
>
>
>
> That is what I feared as well. It appears the single digit ASNs often fall
> victim of other people’s misconfigurations or malicious activities. Hard to
> separate the impersonator from the real autonomous system.
>
> Job
>
--
Anurag Bhatia
anuragbhatia.com
More information about the NANOG
mailing list