AS23456 is what you get if your system doesn't properly support 32-bit ASNs
and an AS-PATH (or peer) uses a 32-bit ASN.
There should be an extended attribute on the route that contains the full
32-bit AS-PATH called AS4_PATH associated with any such routes.
Arguably any route containing AS23456 without an AS4_PATH attribute is
invalid and could be filtered.
Unfortunately, routers that would display AS23456 instead of restoring the
full 32-bit AS_PATH may not be able to identify this.
A properly transmitted route from a 4-byte ASN will be recovered as follows:
91.217.86.0/23 *[BGP/170] 1w5d 09:11:37, MED 101, localpref 100
AS path: 8121 1299 3209 197269 I
> to 192.124.40.129 via ge-0/0/0.0
OTOH, you may occasionally see artifacts like this (I don't know why):
91.217.87.0/24 *[BGP/170] 1w5d 09:10:16, MED 101, localpref 100
AS path: 8121 1299 174 23456 197269 I
> to 192.124.40.129 via ge-0/0/0.0
But if you are seeing 23456 on an AS4 capable router without at least some
indication of a 4-byte ASN in the path, it's probably fishy.
At least the 103.x which are announced by airtel. The other netblocks (one
Indian and two brazilian) appear unrelated though also showing as23456
--srs (htc one x)
AS23456 is currently announcing a good few netblocks (which don't have a
very good smtp reputation, by the way).
Funny thing is, that's a special use ASN as per rfc4893, something about
two octet ASNs that don't have a four octet representation.
Only one upstream (airtelbroadband-as-ap, as24560) that I can see
103.7.204.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.14.208.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.23.124.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.30.12.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
103.245.112.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
111.235.148.0/22
Missing AS4_PATH -- Probably a spoofed/hijacked route
177.55.249.0/24
Missing AS4_PATH -- Probably a spoofed/hijacked route
186.251.192.0/21
Missing AS4_PATH -- Probably a spoofed/hijacked route
If you're motivated to pursue this, the best thing to do is probably to contact the last legitimate AS before 23456 in the AS-PATH and inquire.
Owen