If there is DDoS attack going on from/to specific /32, sometimes they do that to avoid too much overload for the network. Cogent should give the answer for what's going on. Alex Zak Thompson wrote:
We had a problem with cogent about a year ago. Somehow.. cymru was announcing a /32 of ours and black holing it for whatever reason. It was removed but wasn't happy that cogent was allowing cymru to do this sort of action. To this date we do not have a valid reason from cogent on why they allowed this to happen.
Cheers, Zak Thompson
-----Original Message----- From: ML [mailto:ml@kenweb.org] Sent: Friday, October 02, 2009 7:23 AM To: nanog@nanog.org Subject: Cogent leaking /32s?
I received an alert from Cyclops telling me a probe in AS513 had seen a /32 that I announce to Cogent for one of our BGP sessions.
Did anyone else see this?