AS 8437 announced a quarter of the net for half of an hour
Greetings, Today (Aug 14th 2006) AS 8437 announced 63 /8 nets from 14:30 to 15:00 UTC. I don't believe that this is normal, but please correct me if I am wrong. More info can be found at the Internet Alert Registry here: http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most If you come to this 24 hours of the event, you can go here: http://cs.unm.edu/~karlinjf/IAR/search.php and do an Hijacker AS search on 8437. If you would like to see the routes as they happened from a RIPE viewpoint, please check out this very cool site: http://stats.sunet.se/bgpsearch/ Following is the list of announced nets: 1/8 2/8 5/8 7/8 23/8 27/8 31/8 36/8 37/8 39/8 42/8 49/8 50/8 77/8 78/8 79/8 92/8 93/8 94/8 95/8 96/8 97/8 98/8 99/8 100/8 101/8 102/8 103/8 104/8 105/8 106/8 107/8 108/8 109/8 110/8 111/8 112/8 113/8 114/8 115/8 116/8 117/8 118/8 119/8 120/8 173/8 174/8 175/8 176/8 177/8 178/8 179/8 180/8 181/8 182/8 183/8 184/8 185/8 186/8 187/8 197/8 198/8 223/8
On Mon, Aug 14, 2006 at 01:36:36PM -0600, Josh Karlin wrote:
Greetings,
Today (Aug 14th 2006) AS 8437 announced 63 /8 nets from 14:30 to 15:00 UTC. I don't believe that this is normal, but please correct me if I am wrong.
Note they're all unallocated blocks, so probably someone's attempt at bogon filtering got leaked inadvertently. Since they're all unallocated blocks, it shouldn't have done any harm, and anyone with reasonably intelligent routing policies should have blocked those routes anyways. :P And may there be a special circle of hell reserved for the weenies who do stupid unnecessary shit that breaks more than it fixes in the name of security. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Ah, I believe you're right. Thanks for clearing it up! I had looked up a couple of the prefixes to see if they had owners and I thought I had seen one, but I must have made a typo. I like my swimming pool of lava thank you very much :p Josh On 8/14/06, Richard A Steenbergen <ras@e-gerbil.net> wrote:
On Mon, Aug 14, 2006 at 01:36:36PM -0600, Josh Karlin wrote:
Greetings,
Today (Aug 14th 2006) AS 8437 announced 63 /8 nets from 14:30 to 15:00 UTC. I don't believe that this is normal, but please correct me if I am wrong.
Note they're all unallocated blocks, so probably someone's attempt at bogon filtering got leaked inadvertently. Since they're all unallocated blocks, it shouldn't have done any harm, and anyone with reasonably intelligent routing policies should have blocked those routes anyways. :P
And may there be a special circle of hell reserved for the weenies who do stupid unnecessary shit that breaks more than it fixes in the name of security. :)
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Mon, 14 Aug 2006 22:56:58 EDT, Richard A Steenbergen said:
And may there be a special circle of hell reserved for the weenies who do stupid unnecessary shit that breaks more than it fixes in the name of security. :)
Anybody announced 127/8 lately? Did anybody actually notice/care? :)
On Tue, 15 Aug 2006 Valdis.Kletnieks@vt.edu wrote:
On Mon, 14 Aug 2006 22:56:58 EDT, Richard A Steenbergen said:
And may there be a special circle of hell reserved for the weenies who do stupid unnecessary shit that breaks more than it fixes in the name of security. :)
Anybody announced 127/8 lately? Did anybody actually notice/care? :)
Indeed, it seems like human error. 1. To state the obvious, human error on the Internet can cause a catastrophe. It's not really "secure". 2. Why assume human error? I always ask "why assume malice?", that does not deny us the posibility of the oposite. It sure would be interesting to see what traffic unallocated space gets beyond some dark matter that floats into honey nets of sorts here and there. Gadi.
On Tue, 15 Aug 2006, Gadi Evron wrote:
It sure would be interesting to see what traffic unallocated space gets beyond some dark matter that floats into honey nets of sorts here and there.
if you route 127.0.0.0/8 to a host you sometimes get interesting syslog messages :) (sent to 127.0.0.1 on hosts with loopback misconfig'd or 'down'). At one point I'd seen 'default' advertised on a network suck down 600kpps ... that was 'entertaining'.
At 12:03 PM 8/15/2006, Valdis.Kletnieks@vt.edu wrote:
On Mon, 14 Aug 2006 22:56:58 EDT, Richard A Steenbergen said:
And may there be a special circle of hell reserved for the weenies who do stupid unnecessary shit that breaks more than it fixes in the name of security. :)
Anybody announced 127/8 lately? Did anybody actually notice/care? :)
If someone _really_ wants the junk addressed to 127/8, they are welcome to have it :) John
participants (7)
-
Christopher L. Morrow
-
Gadi Evron
-
John Dupuy
-
Josh Karlin
-
Randy Bush
-
Richard A Steenbergen
-
Valdis.Kletnieks@vt.edu