nanog mailing list archives
Re: Announcing a reserved ASN?
From: Owen DeLong <owen () delong com>
Date: Sun, 3 Feb 2013 11:40:11 -0800
AS23456 is what you get if your system doesn't properly support 32-bit ASNs and an AS-PATH (or peer) uses a 32-bit ASN. There should be an extended attribute on the route that contains the full 32-bit AS-PATH called AS4_PATH associated with any such routes. Arguably any route containing AS23456 without an AS4_PATH attribute is invalid and could be filtered. Unfortunately, routers that would display AS23456 instead of restoring the full 32-bit AS_PATH may not be able to identify this. A properly transmitted route from a 4-byte ASN will be recovered as follows: 91.217.86.0/23 *[BGP/170] 1w5d 09:11:37, MED 101, localpref 100 AS path: 8121 1299 3209 197269 I > to 192.124.40.129 via ge-0/0/0.0 OTOH, you may occasionally see artifacts like this (I don't know why): 91.217.87.0/24 *[BGP/170] 1w5d 09:10:16, MED 101, localpref 100 AS path: 8121 1299 174 23456 197269 I > to 192.124.40.129 via ge-0/0/0.0 But if you are seeing 23456 on an AS4 capable router without at least some indication of a 4-byte ASN in the path, it's probably fishy. On Feb 3, 2013, at 4:57 AM, Suresh Ramasubramanian <ops.lists () gmail com> wrote:
At least the 103.x which are announced by airtel. The other netblocks (one Indian and two brazilian) appear unrelated though also showing as23456 --srs (htc one x) On 03-Feb-2013 6:12 PM, "Suresh Ramasubramanian" <ops.lists () gmail com<javascript:_e({}, 'cvml', 'ops.lists () gmail com');>> wrote:AS23456 is currently announcing a good few netblocks (which don't have a very good smtp reputation, by the way). Funny thing is, that's a special use ASN as per rfc4893, something about two octet ASNs that don't have a four octet representation. Only one upstream (airtelbroadband-as-ap, as24560) that I can see103.7.204.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.14.208.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.23.124.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.30.12.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.245.112.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
111.235.148.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
177.55.249.0/24
Missing AS4_PATH -- Probably a spoofed/hijacked route
186.251.192.0/21
Missing AS4_PATH -- Probably a spoofed/hijacked route If you're motivated to pursue this, the best thing to do is probably to contact the last legitimate AS before 23456 in the AS-PATH and inquire. Owen
Current thread:
- Announcing a reserved ASN? Suresh Ramasubramanian (Feb 03)
- Announcing a reserved ASN? Suresh Ramasubramanian (Feb 03)
- Re: Announcing a reserved ASN? Owen DeLong (Feb 03)
- Re: Announcing a reserved ASN? Rich Kulawiec (Feb 03)
- <Possible follow-ups>
- Re: Announcing a reserved ASN? Dave Pooser (Feb 03)
- Re: Announcing a reserved ASN? Suresh Ramasubramanian (Feb 03)
- Re: Announcing a reserved ASN? Brandon Ross (Feb 03)
- Re: Announcing a reserved ASN? Richard Barnes (Feb 03)
- Re: Announcing a reserved ASN? Suresh Ramasubramanian (Feb 03)
- Announcing a reserved ASN? Suresh Ramasubramanian (Feb 03)