nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: question about bogon prefix

From: Robert Drake <rdrake () direcpath com>
Date: Tue, 10 Jun 2014 00:57:23 -0400

On 6/9/2014 11:00 PM, Song Li wrote:

Hi everyone,

I found many ISP announced bogon prefix, for example:

OriginAS Announcement Description
AS7018  172.116.0.0/24    unallocated
AS209   209.193.112.0/20 unallocated
my question is why the tier1 and other ISP announce these unallocated bogon prefixes, and another interesting question is:
You could also ask why are other providers accepting the route, since I could announce 209.193.112.0/20 from my router and my upstream would reject it.
Of course, those two ASNs have a huge number of routes so they probably aren't filtered as closely by their peers.
But.. even if you're hyper diligent and blocking bogon routes, you'll need to ask yourself why it's not in the bogon list:
curl -s http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt | grep 209.193 

It's also not on http://www.cymru.com/BGP/bogons.html but 172.116.0.0/24 is.

Now, according to this:
http://myip.ms/view/ip_addresses/3519115264/209.193.112.0_209.193.112.255
It belongs to the Franciscan Health System. The one IP that is in DNS seems to back this up (it's called mercyvpn.org) 

Whois Record created: 04 Jan 2005
Whois Record updated: 24 Feb 2012
My guess is one of two things. Maybe they renumbered out of the /20 but left a VPN server up and haven't managed to migrate off it yet, but they have asked to return the block.. or, they forgot to pay their bill to ARIN and the block has been removed from whois but Qwest isn't as diligent because they're still being paid.
I've CC'd the technical contact listed in the old whois information so maybe he can get things corrected.
If I am ISP, can I announce the same bogon prefix(172.116.0.0/24) with AS7018 announced? Will this result in prefix hijacking? 

Thanks!
I can find nothing on google that offers any legitimacy for 172.116.0.0/24, but it is has been announced for 2 years so maybe there is some squatters rights at least. It doesn't appear to be a spam source and I don't think any hosts are up on it right now. Maybe it's a test route that never got removed. It makes me sad that nobody at ATT reads the CIDR report. They've only got a couple of bogon announcements so it would be trivial for them to either acknowledge them and claim legitimacy or clean them up.
Previous By Date Next
Previous By Thread Next

Current thread: