Ok, I realized I haven't done one of these since 2001, so it's time for an
updated list of /24 polluters. With /24s accounting for over 50% (more
than 71k) of the announcements on the Internet, it seems reasonable to try
and take a look at why there are so many.
One of the patterns which quickly becomes evident is the announcing of
"almost all" of a larger block, but with enough gaps that traditional
scripts which look for CIDR aggregation can miss it. For example, someone
who owns a /16 and announces it as 250 /24s might not show up in other
CIDR aggregation scripts because of the missing 5 /24s, or if 1 of the
/24s has a different AS Path.
So, solely for the purpose of looking for this pattern, I have written a
script which counts the number of /24s announced within a /16 (an
admittedly arbitrary range, but one which happens to work) with a
consistant AS Path, and sorts by the highest count. This of course doesn't
mean for certain that the netblock listed doesn't have a good reason for
their deaggregation, but odds are they don't or could otherwise take steps
to limit announcement to the general internet (for example a cable modem
provider with 250 individual routes /24s but only a single upstream
provider, who could announce a /16 globally and use no-export on the more
This is done from the point of view of a Global Crossing (AS3549) transit
feed, so things may look slightly different fromy our corner of the
Internet. You have been warned.
A summary of the top 250 netblocks by count:
Detailed list of the netblocks and AS Path by count:
A sorted list of the origin ASs contributing the /24s in the above lists:
If you are on the list or know someone who is, please encourage them to
take steps to clean up their act. You may now return to your regularly
scheduled complaining about Verisign.