Re: IPv4 and IPv6 hijacking by AS 6

["Jason S. Cash" <cash () udel edu>]

On Fri, 13 Apr 2018, Bjørn Mork wrote:

> Date: Fri, 13 Apr 2018 10:13:47 +0200
> From: Bjørn Mork <bjorn () mork no>
> To: Anurag Bhatia <me () anuragbhatia com>
> Cc: North American Network Operators' Group <nanog () nanog org>
> Subject: Re: IPv4 and IPv6 hijacking by AS 6
>
> Anurag Bhatia <me () anuragbhatia com> writes:
>
> > Similar for AS2.
>
> I believe we've seen bogus low AS number announcements a few times
> before, and they've usually been caused by attemts to configure
> AS path prepending without understanding and/or reading the docs.
>
> Someone might have wrongly assumed that
>
>   set as-path prepend 133711 133711
>
> could be written shorter like
>
>   set as-path prepend 133711 2
>
> and there you go...

 Yes, ASN2 sees about 1-4 configuration related "rogue" announcements per 
month.  What is going on right now does not appear to be a small 
misconfiguration.

 The only route we (University of Delaware) are announcing w/ ASN2 is 
128.4.0.0/16.

Jason



Jason Cash
Deputy CIO
University of Delaware
cash () udel edu
302-831-0461