IPv4 and IPv6 hijacking by AS 6
bjorn at mork.no
Sat Apr 14 11:26:20 UTC 2018
Randy Bush <randy at psg.com> writes:
>> I believe we've seen bogus low AS number announcements a few times
>> before, and they've usually been caused by attemts to configure
>> AS path prepending without understanding and/or reading the docs.
>> Someone might have wrongly assumed that
>> set as-path prepend 133711 133711
>> could be written shorter like
>> set as-path prepend 133711 2
>> and there you go...
> for someone else's prefix?
No, of course not. At least I have no reason to beliece so.
I briefly looked at a couple of the examples Anurag posted. And for
those, the next AS number in the path seemed consistent with the prefix
* 184.108.40.206/24 220.127.116.11 0 0 3549 3356 6453 4755 133711 133711 133711 2 i
* 18.104.22.168/20 22.214.171.124 0 0 3549 3356 12389 41837 41837 2 i
bjorn at miraculix:~$ whois 126.96.36.199/24 |grep origin
bjorn at miraculix:~$ whois 188.8.131.52/20 |grep origin
More information about the NANOG