|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
In-Reply-To: <F0FF60999EF88B46A51094F8D4E537E330F98C73@itexbe12.uom.memphis.edu> Date: Mon, 15 Feb 2010 17:46:18 -0500 From: Christopher Morrow <morrowc.lists@gmail.com> To: "Ernest Andrew McCracken (emccrckn)" <emccrckn@memphis.edu> Cc: "nanog@nanog.org" <nanog@nanog.org> Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org On Mon, Feb 15, 2010 at 5:32 PM, Ernest Andrew McCracken (emccrckn) <emccrckn@memphis.edu> wrote: > Has anyone seen the strange activity from AS16387? =A0Did they leak their= entire table? =A0Our route collectors are showing AS16387 originating larg= e numbers of prefixes. =A0It looks like we caught the tail end of this acti= vity as they are now announcing updates with =A0massive amounts of prependi= ng. 16387 is a uunet customer, it seems, who's only annoucing (now) 2 prefixes... Robtex seems to support them only having a single upstream (701). I think 701 still prefix-lists all their customers. You saw this through 3303 without 701 (it seems?) in the path, The orignal prefix looks actually like 95.79.192.0/19 in the path: 34533 16387 that looks like ESamara trying to poison their paths toward 'healthy directions, LLC". maybe ESamara saw something they disliked from this part of the network? -Chris
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |