IPv4 and IPv6 hijacking by AS 6
morrowc.lists at gmail.com
Sat Apr 14 00:13:40 UTC 2018
On Fri, Apr 13, 2018 at 10:35 PM, Randy Bush <randy at psg.com> wrote:
> > I believe we've seen bogus low AS number announcements a few times
> > before, and they've usually been caused by attemts to configure
> > AS path prepending without understanding and/or reading the docs.
> > Someone might have wrongly assumed that
> > set as-path prepend 133711 133711
> > could be written shorter like
> > set as-path prepend 133711 2
> > and there you go...
> for someone else's prefix?
Perhaps their policy is something like:
"prepend all of transit-provider-1 prefixes by 2, their links are crappy
followed by output policy:
"permit all of my prefixes (matched by as-path-regex) and my customer
prefixes (matched by community)"
there's probably a bunch of ways this can go sideways, that's just one
simple (and seen before) example.
More information about the NANOG