nanog mailing list archives

Re: IPv4 and IPv6 hijacking by AS 6


From: Anurag Bhatia <me () anuragbhatia com>
Date: Fri, 13 Apr 2018 07:55:36 +0530

Similar for AS2.


A view from Oregon Route-views for AS2 related paths:



*   43.227.224.0/24  208.51.134.254           0             0 3549 3356 6453 4755 133711 133711 133711 2 i
 *                    103.197.104.1                          0 134708 6453 4755 133711 133711 133711 2 i
 *                    212.66.96.126                          0 20912 174 6453 4755 133711 133711 133711 2 i
 *                    217.192.89.50                          0 3303 6453 4755 133711 133711 133711 2 i
 *                    203.62.252.83                          0 1221 4637 6453 4755 133711 133711 133711 2 i

*   43.227.225.0/24  208.51.134.254           0             0 3549 3356 6453 4755 133711 133711 133711 2 i
 *                    103.197.104.1                          0 134708 6453 4755 133711 133711 133711 2 i
 *                    212.66.96.126                          0 20912 174 6453 4755 133711 133711 133711 2 i
 *                    217.192.89.50                          0 3303 6453 4755 133711 133711 133711 2 i
 *                    203.62.252.83                          0 1221 4637 6453 4755 133711 133711 133711 2 i

*   91.143.144.0/20  208.51.134.254           0             0 3549 3356 12389 41837 41837 2 i
 *                    212.66.96.126                          0 20912 1267 12389 41837 41837 2 i
 *                    37.139.139.0                           0 57866 6762 12389 41837 41837 2 i
 *                    195.208.112.161                        0 3277 3267 12389 41837 41837 2 i
 *                    93.104.209.174                         0 58901 51167 3356 12389 41837 41837 2 i
 *                    193.0.0.56                             0 3333 1103 12389 41837 41837 2 i

*   103.63.234.0/24  208.51.134.254           0             0 3549 3356 2914 132602 58715 55406 2 134403 i
 *                    212.66.96.126                          0 20912 174 132602 58715 55406 2 65501 134403 i
 *                    134.222.87.1           650             0 286 6762 132602 58715 55406 2 134403 i
 *                    194.85.40.15             0             0 3267 174 132602 58715 55406 2 65501 134403 i
 *                    12.0.1.63                              0 7018 2914 132602 58715 55406 2 134403 i
 *                    37.139.139.0                           0 57866 6762 132602 58715 55406 2 134403 i



(and a lot more!)





On Fri, Apr 13, 2018 at 12:31 AM, Job Snijders <job () instituut net> wrote:

On Thu, 12 Apr 2018 at 11:52, Matt Harris <matt () netfire net> wrote:

On Thu, Apr 12, 2018 at 12:05 PM, <lists () as23738 net> wrote:

Have you tried their IRR entries? Bull appears to redirect to Atos now
(site-wise).

notify:     ed.gienko () atos net
notify:     charlie.molnar () atos net
changed:    christophe.fraule () atos net 20180117  #18:47:40Z


I'm now in touch with Christophe; it looks as though perhaps there's a
separate, rogue AS 6 running around with a different set of peers/transits,
as he was able to confirm that none of his gear is advertising these
prefixes.



That is what I feared as well. It appears the single digit ASNs often fall
victim to other people’s misconfigurations or malicious activities. Hard to
separate the impersonator from the real autonomous system.

Job




-- 


Anurag Bhatia
anuragbhatia.com
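
Added example, not part of the original message or thread: a small Python parser for rows like the Route Views listing above that reports, per prefix, which AS sits directly next to a given single-digit ASN and whether that ASN appears as origin or mid-path. The function names and the two-or-more-spaces column split are assumptions made for this sketch.

```python
import re
from collections import Counter

# Rows copied from the Route Views listing in this post, each unwrapped onto
# one line. Assumption: column spacing is preserved as in the router output.
SAMPLE = """\
*   43.227.224.0/24  208.51.134.254           0             0 3549 3356 6453 4755 133711 133711 133711 2 i
 *                    103.197.104.1                          0 134708 6453 4755 133711 133711 133711 2 i
*   91.143.144.0/20  208.51.134.254           0             0 3549 3356 12389 41837 41837 2 i
*   103.63.234.0/24  208.51.134.254           0             0 3549 3356 2914 132602 58715 55406 2 134403 i
 *                    212.66.96.126                          0 20912 174 132602 58715 55406 2 65501 134403 i
"""

PREFIX_RE = re.compile(r"\d+\.\d+\.\d+\.\d+/\d+")


def parse_routes(text):
    """Yield (prefix, as_path) for each '*' row; continuation rows reuse the prefix."""
    prefix = None
    for line in text.splitlines():
        if not line.strip().startswith("*"):
            continue
        m = PREFIX_RE.search(line)
        if m:
            prefix = m.group(0)
        # The last wide-spaced column holds "<weight> <AS path...> <origin code>".
        tail = re.split(r"\s{2,}", line.strip())[-1].split()
        yield prefix, [int(asn) for asn in tail[1:-1]]


def adjacent_to(target, routes):
    """Count (prefix, left neighbour, neighbour repeats, role) for paths containing target."""
    seen = Counter()
    for prefix, path in routes:
        if target not in path:
            continue
        i = path.index(target)
        left = path[i - 1] if i > 0 else None  # AS that passed the route on
        role = "origin" if i == len(path) - 1 else "transit"
        seen[(prefix, left, path.count(left), role)] += 1
    return seen


if __name__ == "__main__":
    for key, n in adjacent_to(2, parse_routes(SAMPLE)).items():
        print(key, "paths:", n)
```
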

