[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Low-numbered ASes being hijacked? [Re: BGP Update Report]
- Subject: Low-numbered ASes being hijacked? [Re: BGP Update Report]
- From: hhoffman at ip-solutions.net (Harry Hoffman)
- Date: Sun, 30 Nov 2014 11:11:32 -0500
I'm currently looking into AS3 in an attempt to figure out what's going on.
Always interested to hear what others have found out.
Cheers,
Harry
On Nov 30, 2014 8:57 AM, Simon Leinen <simon.leinen at switch.ch> wrote:
>
> cidr-report writes:
> > BGP Update Report
> > Interval: 20-Nov-14 -to- 27-Nov-14 (7 days)
> > Observation Point: BGP Peering with AS131072
>
> > TOP 20 Unstable Origin AS
> > Rank ASN               Upds    % Upds/Pfx   AS-Name
> [...]
> > 11 - AS5Â Â Â Â Â Â Â Â Â Â Â Â Â Â 38861Â 0.6%Â Â Â Â Â Â 7.0 -- SYMBOLICS - Symbolics, Inc.,US
>
> Disappointing to see Symbolics (AS5) on this list. I would expect these
> Lisp Machines to have very stable BGP implementations, especially given
> the leisurely release rhythm for Genera for the past few decades. Has
> the size of the IPv4 unicast table started triggering global GCs?
>
> Seriously, all these low-numbered ASes in the report look fishy. I
> would have liked this to be an artifact of the reporting software (maybe
> an issue with 4-byte ASes?), but I do see some strange paths in the BGP
> table that make it look like (accidental or malicious) hi-hacking of
> these low-numbered ASes.
>
> Now the fact that these AS numbers are low makes me curious. If I
> wanted to hijack other folks' ASes deliberately, I would probably avoid
> such numbers because they stand out. Maybe these are just non-standard
> "private-use" ASes that are leaked?
>
> Some suspicious paths I'm seeing right now:
>
> Â 133439 5
> Â 197945 4
>
> Hm, maybe 32-bit ASes do have something to do with this...
>
> Any ideas?
> --
> Simon. (Just curious)
>
> [...]
> > 17 - AS3Â Â Â Â Â Â Â Â Â Â Â Â Â Â 30043Â 0.4%Â Â Â 3185.0 -- MIT-GATEWAYS - Massachusetts Institute of Technology,US
> [...]
>
> > TOP 20 Unstable Origin AS (Updates per announced prefix)
> > Rank ASN               Upds    % Upds/Pfx   AS-Name
> [...]
> > 13 - AS5Â Â Â Â Â Â Â Â Â Â Â Â Â Â 38861Â 0.6%Â Â Â Â Â Â 7.0 -- SYMBOLICS - Symbolics, Inc.,US
> [...]
> > 15 - AS4Â Â Â Â Â Â Â Â Â Â Â Â Â Â 21237Â 0.3%Â Â Â Â 871.0 -- ISI-AS - University of Southern California,US
> [...]
> > 19 - AS4Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 5345Â 0.1%Â Â Â 1437.0 -- ISI-AS - University of Southern California,US
> > 20 - AS4Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 8784Â 0.1%Â Â Â 2303.0 -- ISI-AS - University of Southern California,US