[140229] in North American Network Operators' Group
Re: Suspecious anycast prefixes
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Thu May 5 14:17:45 2011
Date: Thu, 5 May 2011 18:16:45 +0000
From: bmanning@vacation.karoshi.com
To: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <31E0CDD1-AC16-4E5A-843E-C670F9148E84@hopcount.ca>
Cc: bmanning@vacation.karoshi.com, nanog@nanog.org,
"Yaoqing\(Joey\) Liu" <joey.liuyq@gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, May 05, 2011 at 11:54:17AM +0300, Joe Abley wrote:
>
> On 2011-05-05, at 11:46, bmanning@vacation.karoshi.com wrote:
>
> > On Wed, May 04, 2011 at 10:23:12PM -0500, Yaoqing(Joey) Liu wrote:
> >> 198.32.64.0/24
> >> AS4555:ASName: EP0-BLK-ASNBLOCK-5;OrgName:Almond Oil Process, LLC.
> >> AS9584:as-name:GENESIS-AP|descr:Diyixian.com Limited|country:HK
> >> AS20144:ASName: L-ROOT;Comment:distributed using Anycast.
> >> AS42909: as-name: COMMUNITYDNS;descr: Internet
> >> Computer Bureau Ltd
> >
> > according to Filip, this is -NOT- supposed to be
> > anycast. the only legal origin ASN is 4555.
> >
> > these other ASNs have hijacked the prefix.
>
> The source data above may be old, or simply wrong -- I don't see *any* AS originating that prefix right now, and I can confirm specifically AS20144 is not configured to originate it.
>
> Perhaps I'm misunderstanding the original question, but the assertion that anybody is hijacking that particular prefix seems false.
>
>
> Joe
back in the olden days, this prefix was in active use and for a period of time was anycast.
methinks Joey was refering to routing -today-...
one might ask the question, how can you tell when an un-authorized party originates routes
(yours), from your ASN - their router of course....
/bill
