Re: Invalid prefix announcement from AS9035 for 129.77.0.0/16

[christian <christian () automatick net>]

On Sat, Oct 10, 2009 at 4:24 PM, ML <ml () kenweb org> wrote:
> Matthew Huff wrote:
> > About 4 hours ago BGPmon picked up a rogue announcement of 129.77.0.0 from
> > AS9035 (ASN-WIND Wind Telecomunicazioni spa) with an upstream of AS1267
> > (ASN-INFOSTRADA Infostrada S.p.A.). I don't see it now on any looking glass
> > sites. Hopefully this was just a typo that was quickly corrected. I would
> > appreciate if people have time and can double check let me know if any
> > announcements are active except from our AS6128/AS6395 upstreams.
> >
> > If this were to persist, what would be the best course of action to
> > resolve it, especially given that the AS was within RIPE.
> >
> >
> >
> > ----
> > Matthew Huff       | One Manhattanville Rd
> > OTA Management LLC | Purchase, NY 10577
> > http://www.ox.com  | Phone: 914-460-4039
> > aim: matthewbhuff  | Fax:   914-460-4139
>
> Was there an explanation for the leak posted?
>
>
> Maybe this was a coincidence but the only prefixes I received alerts on were
> prefixes I only advertise to Level3.  There was one exception. There was a
> leaked prefix that is the next /24 above on our Level3 only prefixes.
>
> -ML

on a side note, has anyone that's running any of these type of
monitoring services
performed any analysis or compiled any metrics on leaks? (renesys maybe?)

personally, i'd be sort of interested in seeing some stats on leaks such as:

origin (asn/network, country, common/exchange point)
duration of leak
size of leak
# of upstream networks that accepted the leaked prefixes
asn of networks that accepted the leak
# of incidents per network/repeat offenders


-ck