Level(3) filtering (was Yahoo outage summary)

There is some misinformation in previous posts that I would like to clarify on the Level 3 side of things.

Every transit-like connection on AS3356 is prefix-filtered, including all parties in this event. On AS3356 all prefix filters and import policies on BGP sessions are audited and checked in almost real time for people or system errors (missing, mis-referenced, not referenced, otherwise broken config, etc.). The prefix filters themselves are generated using data from Level 3's own registry and known public route registries. As several folks have pointed out, there are minimal checks for the validity of the source information.

Further details on Level 3 filtering policies are available at:
    whois -h rr.level3.net AS3356 | grep remarks

As an aside, I see an increase in the number of downstreams asking for as-path filtering or *no* filtering, usually with justifications of "ISP X doesn't require us to register routes or just does as-path filtering". In my opinion that is bad news for everyone, as documented in numerous BCPs, presentations and route-leaks.

   -Kevin

Disclaimer - I do work for Level 3 but am expressing my opinions and not those of my employer.
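The difference between a registry-derived prefix filter and as-path-only filtering, as discussed in the message above, shown as an added example that is not part of the original thread and not Level 3's tooling. The RPSL objects and announcements are constructed (documentation prefixes, private-use ASNs), and exact-match filtering is a simplifying assumption.

```python
import ipaddress
import re

# Constructed RPSL route objects, shaped like the output of an IRR whois query.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

# Constructed announcements received on the customer session: (prefix, AS path).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", ["AS64500"]),     # registered to the customer
    ("198.51.100.0/24", ["AS64500"]),  # registered to the customer
    ("203.0.113.0/24", ["AS64500"]),   # registered to AS64501, mis-originated
    ("192.0.2.128/25", ["AS64500"]),   # more-specific with no route object
]

def build_prefix_filter(irr_text, customer_asns):
    """Collect the prefixes whose route object names one of the customer's ASNs."""
    allowed = set()
    for obj in irr_text.strip().split("\n\n"):
        fields = dict(re.findall(r"^([\w-]+):[ \t]*(\S+)", obj, re.M))
        if "route" in fields and fields.get("origin", "").upper() in customer_asns:
            allowed.add(ipaddress.ip_network(fields["route"]))
    return allowed

def prefix_filter_accepts(prefix, allowed):
    """Prefix filter: accept only exact matches against the registry-derived set."""
    return ipaddress.ip_network(prefix) in allowed

def aspath_filter_accepts(as_path, customer_asns):
    """as-path-only policy: accept any prefix whose path contains only customer ASNs."""
    return all(asn in customer_asns for asn in as_path)

def evaluate(announcements, irr_text, customer_asns):
    """Return (prefix, accepted by as-path-only, accepted by prefix filter) per route."""
    allowed = build_prefix_filter(irr_text, customer_asns)
    return [(prefix, aspath_filter_accepts(path, customer_asns),
             prefix_filter_accepts(prefix, allowed))
            for prefix, path in announcements]

if __name__ == "__main__":
    for prefix, by_path, by_prefix in evaluate(ANNOUNCEMENTS, IRR_DUMP, {"AS64500"}):
        print(f"{prefix:18} as-path-only={by_path!s:5} prefix-filter={by_prefix}")
```

The as-path-only policy accepts all four announcements, while the prefix filter drops the two that have no matching route object. The filter is only as good as the registry data it is built from, which is the "minimal checks" caveat in the message above.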

> There is some misinformation in previous posts that I would like to
> clarify on the Level 3 side of things.

and I'd apologize for hinting that that might be the problem :(

> Level 3's own registry and known public route registries. As several
> folks have pointed out there are minimal checks for the validity of the
> source information.

this was what bit panix/edison I believe... :(

> As an aside I see an increase in the number of downstreams asking for
> as-path filtering or *no* filtering usually with justifications of ISP X
> doesn't require us to register routes or just does as-path filtering. In
> my opinion that is bad news for everyone as documented in numerous
> BCPs, presentations and route-leaks.

agreed, there is this trend, it's disturbing :( (to me at least) In the
number of customer conversations I've had about this it's always sort of
surprising that people think it's 'ok' to not have a prefix-list :( cause,
guess what: "if you don't have one and they don't have one... THEY will
get you eventually"

Many folks seem to think that they'll be OK because 'someone else' will be doing this for them, and so they're protected. They also don't think about the fact that they themselves could accidentally cause a problem for others (and, in some cases, for themselves, by acting as an inadvertent sinkhole). But when it's explained to them that a) if everyone thinks that 'someone else' will do the appropriate filtering, then nobody will do it, and b) that they can end up hosing themselves and also taking a big reputational hit, most people I talk to about this seem to understand.

The problem is that this is largely an ad-hoc, 1:1 type of educational effort, which doesn't scale well. And in many cases, folks seem to find it difficult to go to their management and explain that they must invest the opex to implement and maintain these policies (along with BCP38, iACLs, et al.); sort of an inversion of "The Emperor's New Clothes", heh.