IPv4 and IPv6 hijacking by AS 6

Christopher Morrow morrowc.lists at gmail.com
Sat Apr 14 00:13:40 UTC 2018


On Fri, Apr 13, 2018 at 10:35 PM, Randy Bush <randy at psg.com> wrote:

> > I believe we've seen bogus low AS number announcements a few times
> > before, and they've usually been caused by attemts to configure
> > AS path prepending without understanding and/or reading the docs.
> >
> > Someone might have wrongly assumed that
> >
> >    set as-path prepend 133711 133711
> >
> > could be written shorter like
> >
> >    set as-path prepend 133711 2
> >
> > and there you go...
>
> for someone else's prefix?
>

Perhaps their policy is something like:
  "prepend all of transit-provider-1 prefixes by 2, their links are crappy
today"

followed by output policy:
  "permit all of my prefixes (matched by as-path-regex) and my customer
prefixes (matched by community)"

there's probably a bunch of ways this can go sideways, that's just one
simple (and seen before) example.


More information about the NANOG mailing list