On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater@ieee.org> wrote:
On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:
Interesting; I see similar results for my address space. Two addresses, one of which hasn't been attached to a machine for a decade and the other a virtual IP on a web server where the particular IP never emits connections. Magnitude's only "0.48" for both but still, they shouldn't even appear.
Yep, same here, at two seperate sites. It's in the "reserved for extreme emergencies" zone at the top of each assigned block. As per house practice it is tcpdumped 24/7, and has been for the last 4 years. Zero traffic from it at the perimiter.
Go figure.
Gord
Have you checked cyclops and other BGP announcement tracking systems to see if it might have been a short-lived whack-a-mole short prefix hijack (pop up, announce block, send burst of spam, remove announcement, disappear again)? Matt