[164639] in North American Network Operators' Group


BGPmon.net /32 hijack alerts

daemon@ATHENA.MIT.EDU (NetSecGuy)
Fri Jul 26 09:00:09 2013

Date: Fri, 26 Jul 2013 08:59:54 -0400
From: NetSecGuy <netsecguy@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

BGPMon.net has alerted me to /32 hijacks.  Does anyone have thoughts on
what this might be and if it's malicious or misconfiguration?

Date        OriginAS  Prefix              Type  ASPath
2013.07.24  25459     72.52.11.117/32     A     286 25459 25459 25459
2013.07.24  25459     72.52.11.117/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     74.120.64.17/32     A     286 25459 25459 25459
2013.07.24  25459     74.120.64.17/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     77.243.235.57/32    A     286 25459 25459 25459
2013.07.24  25459     77.243.235.57/32    A     3333 1103 286 25459 25459 25459
2013.07.24  25459     79.110.92.75/32     A     286 25459 25459 25459
2013.07.24  25459     79.110.92.75/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     79.170.88.67/32     A     286 25459 25459 25459
2013.07.24  25459     79.170.88.67/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     83.84.194.112/32    A     286 25459 25459 25459
2013.07.24  25459     83.84.194.112/32    A     3333 1103 286 25459 25459 25459
2013.07.24  25459     89.33.242.99/32     A     286 25459 25459 25459
2013.07.24  25459     89.33.242.99/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     91.121.183.228/32   A     286 25459 25459 25459
2013.07.24  25459     91.121.183.228/32   A     3333 1103 286 25459 25459 25459
2013.07.24  25459     91.121.82.179/32    A     286 25459 25459 25459
2013.07.24  25459     91.121.82.179/32    A     3333 1103 286 25459 25459 25459
2013.07.24  25459     94.126.8.26/32      A     286 25459 25459 25459
2013.07.24  25459     94.126.8.26/32      A     3333 1103 286 25459 25459 25459
2013.07.24  25459     94.23.207.222/32    A     286 25459 25459 25459
2013.07.24  25459     94.23.207.222/32    A     3333 1103 286 25459 25459 25459
2013.07.24  25459     94.23.40.106/32     A     286 25459 25459 25459
2013.07.24  25459     94.23.40.106/32     A     3333 1103 286 25459 25459 25459
2013.07.24  25459     94.236.46.240/32    A     286 25459 25459 25459
2013.07.24  25459     94.236.46.240/32    A     3333 1103 286 25459 25459 25459
2013.07.24  25459     95.211.113.200/32   A     286 25459 25459 25459
2013.07.24  25459     95.211.113.200/32   A     3333 1103 286 25459 25459 25459
2013.07.24  25459     95.211.211.76/32    A     286 25459 25459 25459
2013.07.24  25459     95.211.211.76/32    A     3333 1103 286 25459 25459 25459

My first thought is leaked null routes.  Is this even worth alerting on?
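
One way to summarise alert rows like those in the post before deciding whether they merit an alert, as an added example that is not part of the original message or BGPmon's own tooling: it groups rows by prefix, strips AS-path prepending, and reports the origin, the AS adjacent to the origin, and whether the prefix is a host route. It assumes the whitespace-separated column layout shown above; the function names, the report field names and the last sample row are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Three rows copied from the post plus one constructed /24 row (documentation
# prefix and ASNs) for contrast. Columns: Date OriginAS Prefix Type ASPath...
SAMPLE = """\
2013.07.24 25459 72.52.11.117/32 A 286 25459 25459 25459
2013.07.24 25459 72.52.11.117/32 A 3333 1103 286 25459 25459 25459
2013.07.24 25459 74.120.64.17/32 A 286 25459 25459 25459
2013.07.24 64500 192.0.2.0/24 A 64501 64500
"""

def collapse(path):
    """Drop AS-path prepending: consecutive repeats of the same ASN."""
    hops = []
    for asn in path:
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops

def triage(text):
    """Group alert rows by prefix and summarise what each set of paths shows."""
    report = defaultdict(lambda: {"host_route": False, "origins": set(),
                                  "upstreams": set(), "seen_via": set(),
                                  "prepends": 0})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or "/" not in fields[2]:
            continue  # header or blank line
        net = ipaddress.ip_network(fields[2], strict=False)
        path = [int(asn) for asn in fields[4:]]
        hops = collapse(path)
        entry = report[str(net)]
        entry["host_route"] = net.prefixlen == net.max_prefixlen
        entry["origins"].add(int(fields[1]))
        entry["seen_via"].add(path[0])          # first AS in the reported path
        if len(hops) > 1:
            entry["upstreams"].add(hops[-2])    # AS adjacent to the origin
        # Extra repeated ASNs in the path, i.e. how much prepending was applied.
        entry["prepends"] = max(entry["prepends"], len(path) - len(hops))
    return dict(report)

if __name__ == "__main__":
    for prefix, info in triage(SAMPLE).items():
        print(prefix, info)
```

For the rows in the post this reports a single origin (25459), a single adjacent AS (286) and two prepends on every path, which narrows down which operators to ask about the announcements.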
