nanog mailing list archives
Rogue objects in routing databases
From: Florian Brandstetter <florianb () globalone io>
Date: Sat, 25 Jan 2020 00:06:51 +0100
It appears that there is currently an influx of rogue route objects created within the NTTCOM and RaDB IRR databases, in connection to Quadranet (AS8100) and China Mobile International (CMI). Examples of affected networks are: 193.30.32.0/23 45.129.92.0/23 45.129.94.0/24 Networks, which have seemingly no affiliation with Quadranet, nor China Mobile International (CMI), which merely appears to be an upstream of Quadranet and hence creates the route objects in an automated manner. Another person has already reached out to Quadranet to find out the root cause of the creation of these objects. Their support gave an ETA of 24-72 hours. The route objects are all identical: route: 193.30.32.0/23 descr: CMI (Customer Route) origin: AS8100 mnt-by: MAINT-AS58453 changed: qas_support () cmi chinamobile com 20200117 source: RADB There appears to be a correlation with the affected networks, a fair share of them is part of AS-SBAG, which in turn is part of AS-VMHAUS, which in turn is part of AS- QUADRANET and could yield the importing of these prefixes. AS-VMHAUS appears to be a customer of Quadranet, listed within AS-QUADRANET-CUSTOMER-ASSET. These networks do however have no direct connection to Quadranet, and are not affiliated with Quadranet, nor are currently connected to Quadranet, which, entirely ignoring that the `origin` points to Quadranet, makes the route object illicit. Basically this has given AS8100, whether that be legitimately Quadranet, or somebody impersonating/spinning up a rogue AS8100, theoretical control over a massive amount of prefixes, as these can be advertised without restrictions and very likely reach a fairly high percentage of global visibility. -- Florian Brandstetter President & Founder SquareFlow Network LTD.
Current thread:
- Rogue objects in routing databases Florian Brandstetter (Jan 24)
- Re: Rogue objects in routing databases Job Snijders (Jan 24)
- Re: Rogue objects in routing databases Martijn Schmidt via NANOG (Jan 24)
- Re: Rogue objects in routing databases Florian Brandstetter (Jan 25)
- Re: Rogue objects in routing databases Stephane Bortzmeyer (Jan 27)
- Re: Rogue objects in routing databases Florian Brandstetter (Jan 27)