[176467] in North American Network Operators' Group
Low-numbered ASes being hijacked? [Re: BGP Update Report]
daemon@ATHENA.MIT.EDU (Simon Leinen)
Sun Nov 30 08:57:18 2014
X-Original-To: nanog@nanog.org
From: Simon Leinen <simon.leinen@switch.ch>
To: nanog@nanog.org
In-Reply-To: <201411282200.sASM024G003029@wattle.apnic.net>
(cidr-report@potaroo.net's message of "Fri, 28 Nov 2014 22:00:02 GMT")
Date: Sun, 30 Nov 2014 14:57:07 +0100
Errors-To: nanog-bounces@nanog.org
cidr-report writes:
> BGP Update Report
> Interval: 20-Nov-14 -to- 27-Nov-14 (7 days)
> Observation Point: BGP Peering with AS131072
> TOP 20 Unstable Origin AS
> Rank ASN Upds % Upds/Pfx AS-Name
[...]
> 11 - AS5 38861 0.6% 7.0 -- SYMBOLICS - Symbolics, Inc.,US
Disappointing to see Symbolics (AS5) on this list. I would expect these
Lisp Machines to have very stable BGP implementations, especially given
the leisurely release rhythm for Genera for the past few decades. Has
the size of the IPv4 unicast table started triggering global GCs?
Seriously, all these low-numbered ASes in the report look fishy. I
would have liked this to be an artifact of the reporting software (maybe
an issue with 4-byte ASes?), but I do see some strange paths in the BGP
table that make it look like (accidental or malicious) hi-hacking of
these low-numbered ASes.
Now the fact that these AS numbers are low makes me curious. If I
wanted to hijack other folks' ASes deliberately, I would probably avoid
such numbers because they stand out. Maybe these are just non-standard
"private-use" ASes that are leaked?
Some suspicious paths I'm seeing right now:
133439 5
197945 4
Hm, maybe 32-bit ASes do have something to do with this...
Any ideas?
--
Simon. (Just curious)
[...]
> 17 - AS3 30043 0.4% 3185.0 -- MIT-GATEWAYS - Massachusetts Institute of Technology,US
[...]
> TOP 20 Unstable Origin AS (Updates per announced prefix)
> Rank ASN Upds % Upds/Pfx AS-Name
[...]
> 13 - AS5 38861 0.6% 7.0 -- SYMBOLICS - Symbolics, Inc.,US
[...]
> 15 - AS4 21237 0.3% 871.0 -- ISI-AS - University of Southern California,US
[...]
> 19 - AS4 5345 0.1% 1437.0 -- ISI-AS - University of Southern California,US
> 20 - AS4 8784 0.1% 2303.0 -- ISI-AS - University of Southern California,US
