[103114] in North American Network Operators' Group
Re: Kenyan Route Hijack
daemon@ATHENA.MIT.EDU (Ross Vandegrift)
Tue Mar 18 13:47:35 2008
From: Ross Vandegrift <ross@kallisti.us>
Date: Mon, 17 Mar 2008 08:25:02 -0400
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Paul Vixie <vixie@isc.org>, nanog@merit.edu
In-Reply-To: <bb0e440a0803170043s78595697uf1d3d1e69a8f6099@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Mon, Mar 17, 2008 at 01:13:04PM +0530, Suresh Ramasubramanian wrote:
> anybody see similar routing loops for those other prefixes that'd make
> it look like 5999 is a blackhole community at abovenet, so this dude
> is seeing what ORBS saw way back when (2000, right) - that is, he had
> abuse issues, was downstream of a downstream of abovenet and got his
> /24 blackholed?
No, 6461:5999 is definitely not a blackhole community. I'm seeing
prefixes tagged 5999 that are reachable. See for example 62.80.96.0/19.
The only common factors I can see with these prefixes:
1) They are all announced with an AS path of 6461.
2) A large number seem to be related to dyanmic IP internet service.
Some are registered to wireless providers, some have reverse DNS that
indicates there's DSL behind them.
But then there's some stuff that looks to be non-ISP:
204.227.66.0/24 is registered to "Ann Taylor Stores Corp", is part of
ARIN assigned 204.227.64/19. However, none of the rest of that /19 is there.
Puzzling...
--
Ross Vandegrift
ross@kallisti.us
"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
