nanog mailing list archives
RE: AS16387 leaking routes
From: "Ernest Andrew McCracken (emccrckn)" <emccrckn () memphis edu>
Date: Mon, 15 Feb 2010 17:13:58 -0600
There are other ASN changes as well as from other peers. Here are some just a few minutes old. Date|Time|timestamp|Peer IP|Peer ASN|Event Description|Prefix|old AS|new AS 20100215|17:11:13|1266275473183|164.128.32.11|3303|ORIGIN_CHANGE|192.156.97/24|5651|16387 20100215|17:11:13|1266275473309|164.128.32.11|3303|PING REQUEST|198.133.160.1 20100215|17:11:14|1266275474310|164.128.32.11|3303|PING RESPONSE|198.133.160.1|NO RESPONSE 20100215|17:11:14|1266275474310|164.128.32.11|3303|PING REQUEST|198.133.160.2 20100215|17:11:15|1266275475311|164.128.32.11|3303|PING RESPONSE|198.133.160.2|NO RESPONSE 20100215|17:10:05|1266275405989|164.128.32.11|3303|ORIGIN_CHANGE|91.200.172/22|43929|16387 20100215|17:05:13|1266275113867|164.128.32.11|3303|ORIGIN_CHANGE|193.169.44/23|49381|16387 20100215|16:59:02|1266274742071|154.11.11.113|852|ORIGIN_CHANGE|20.132.1/24|21877|16387 20100215|16:55:23|1266274523372|154.11.98.225|852|ORIGIN_CHANGE|91.210.10/24|47245|16387 20100215|16:50:47|1266274247250|154.11.11.113|852|ORIGIN_CHANGE|141.197.8/23|22764|16387 all with ridiculously long paths ofc. -Ernest McCracken ________________________________________ From: christopher.morrow () gmail com [christopher.morrow () gmail com] On Behalf Of Christopher Morrow [morrowc.lists () gmail com] Sent: Monday, February 15, 2010 4:46 PM To: Ernest Andrew McCracken (emccrckn) Cc: nanog () nanog org Subject: Re: AS16387 leaking routes On Mon, Feb 15, 2010 at 5:32 PM, Ernest Andrew McCracken (emccrckn) <emccrckn () memphis edu> wrote:
Has anyone seen the strange activity from AS16387? Did they leak their entire table? Our route collectors are showing AS16387 originating large numbers of prefixes. It looks like we caught the tail end of this activity as they are now announcing updates with massive amounts of prepending.
16387 is a uunet customer, it seems, who's only annoucing (now) 2 prefixes... Robtex seems to support them only having a single upstream (701). I think 701 still prefix-lists all their customers. You saw this through 3303 without 701 (it seems?) in the path, The orignal prefix looks actually like 95.79.192.0/19 in the path: 34533 16387 that looks like ESamara trying to poison their paths toward 'healthy directions, LLC". maybe ESamara saw something they disliked from this part of the network? -Chris
Current thread:
- AS16387 leaking routes Ernest Andrew McCracken (emccrckn) (Feb 15)
- Re: AS16387 leaking routes Christopher Morrow (Feb 15)
- RE: AS16387 leaking routes Ernest Andrew McCracken (emccrckn) (Feb 15)
- Re: AS16387 leaking routes Christopher Morrow (Feb 15)
- Re: AS16387 leaking routes Christopher Morrow (Feb 15)
- RE: AS16387 leaking routes Ernest Andrew McCracken (emccrckn) (Feb 15)
- Re: AS16387 leaking routes Christopher Morrow (Feb 15)