AS 6 is now announcing several IPv4 and IPv6 blocks of mine, and it looks
like I'm not alone. Does anyone have any contacts there, or know what
might be going on? The number of prefixes they're currently advertising is
tremendous. The phone numbers associated with AS6's RIR whois data are
non-functional. I've sent emails to their contacts listed in RIR whois
(Mike Abbott and John Luke Mills), but with phone numbers being dead, I'm
not optimistic.
If anyone is there who has any control over AS 6 or knows whom I can reach
out to, please let me know.
AS 6 is now announcing several IPv4 and IPv6 blocks of mine, and it looks
like I'm not alone. Does anyone have any contacts there, or know what
might be going on? The number of prefixes they're currently advertising is
tremendous. The phone numbers associated with AS6's RIR whois data are
non-functional. I've sent emails to their contacts listed in RIR whois
(Mike Abbott and John Luke Mills), but with phone numbers being dead, I'm
not optimistic.
I think that it's an issue. Perhaps, also consider filing a request here:
I'm now in touch with Christophe; it looks as though perhaps there's a
separate, rogue AS 6 running around with a different set of peers/transits,
as he was able to confirm that none of his gear is advertising these
prefixes.
That is what I feared as well. It appears the single digit ASNs often fall
victim of other people’s misconfigurations or malicious activities. Hard to
separate the impersonator from the real autonomous system.
I'm now in touch with Christophe; it looks as though perhaps there's a
separate, rogue AS 6 running around with a different set of peers/transits,
as he was able to confirm that none of his gear is advertising these
prefixes.
Maybe AS6 is used internally by the next AS on the path?
I believe we've seen bogus low AS number announcements a few times
before, and they've usually been caused by attemts to configure
AS path prepending without understanding and/or reading the docs.
I've definitely seen (and sadly, interacted with) operators that solved their "why doesn't non-meshed iBGP do what I'm expecting" problems by simply using different low-numbered ASNs internally (1,2,3... 19) instead of proper private ASNs.
I believe we've seen bogus low AS number announcements a few times
before, and they've usually been caused by attemts to configure
AS path prepending without understanding and/or reading the docs.
Yes, ASN2 sees about 1-4 configuration related "rogue" announcements per month. What is going on right now does not appear to be a small misconfiguration.
The only route we (University of Delaware) are announcing w/ ASN2 is 128.4.0.0/16.
Jason
Jason Cash
Deputy CIO
University of Delaware
cash@udel.edu
302-831-0461
I believe we've seen bogus low AS number announcements a few times
before, and they've usually been caused by attemts to configure
AS path prepending without understanding and/or reading the docs.
I believe we've seen bogus low AS number announcements a few times
before, and they've usually been caused by attemts to configure
AS path prepending without understanding and/or reading the docs.
Someone might have wrongly assumed that
set as-path prepend 133711 133711
could be written shorter like
set as-path prepend 133711 2
and there you go...
for someone else's prefix?
No, of course not. At least I have no reason to beliece so.
I briefly looked at a couple of the examples Anurag posted. And for
those, the next AS number in the path seemed consistent with the prefix
owner: