My question to the community is, what kind of misconfiguration could cause this set of prefixes to be announced?
11.0.0.0/8 12.0.0.0/7 121.0.0.0/8 122.0.0.0/7 124.0.0.0/7 126.0.0.0/8 128.0.0.0/3 etc ...
This looks to me like some large multinational leaked their internal announcements to an ISP. It is not unusual for large companies to use random unregistered /8 blocks in their internal networks. There are all kinds of applications that need to talk across networks which do not need any Internet connectivity or any direct connectivity to general use workstations. This network traffic would normally be hidden inside some kind of VPN on the same infrastructure as other corporate traffic. So to answer your question, first look for all the ways that a misconfiguration could allow routing information to leak out of some flavor of VPN. --Michael Dillon