nanog mailing list archives
Re: odd hijack
From: Michael.Dillon () btradianz com
Date: Fri, 10 Nov 2006 13:13:15 +0000
My question to the community is, what kind of misconfiguration could cause this set of prefixes to be announced?
11.0.0.0/8 12.0.0.0/7 121.0.0.0/8 122.0.0.0/7 124.0.0.0/7 126.0.0.0/8 128.0.0.0/3
etc ... This looks to me like some large multinational leaked their internal announcements to an ISP. It is not unusual for large companies to use random unregistered /8 blocks in their internal networks. There are all kinds of applications that need to talk across networks which do not need any Internet connectivity or any direct connectivity to general use workstations. This network traffic would normally be hidden inside some kind of VPN on the same infrastructure as other corporate traffic. So to answer your question, first look for all the ways that a misconfiguration could allow routing information to leak out of some flavor of VPN. --Michael Dillon
Current thread:
- Re: odd hijack, (continued)
- Re: odd hijack Hank Nussbacher (Nov 09)
- Re: odd hijack Josh Karlin (Nov 09)
- Re: odd hijack Hank Nussbacher (Nov 10)
- Re: odd hijack steve (Nov 10)
- Re: odd hijack Nick Feamster (Nov 10)
- Re: odd hijack Randy Bush (Nov 10)
- Re: odd hijack Josh Karlin (Nov 10)
- Re: odd hijack Randy Bush (Nov 10)
- Re: odd hijack Josh Karlin (Nov 09)
- Re: odd hijack Nick Feamster (Nov 10)
- Re: odd hijack Hank Nussbacher (Nov 09)