Hi,
On the 5th we notice that 27048 was announcing 2 of ours /24
812 3549 209 721 27064 27047 27047 27047 27048
It lasted about 9h but didn't impact anything due to its prepend and
such...
My inquiry is:
. False positive?
. Broken 16b <=> 32b ASN's?
. Human Error?
. I should remove my Echelon triggering keywords from my
personal .sig?
( 27048 is part of a US DoD ASN range =D ).
I check around and it happened a few times in the past.
( I saw a CIDR report in 2008 where 27048 was announcing 8m+ IP's )
Let me know.
Hi,
On the 5th we notice that 27048 was announcing 2 of ours /24
812 3549 209 721 27064 27047 27047 27047 27048
maybe 721 doesn't have prefix AND as-path filters? (or 209 maybe?)
or intentional filtering gone wrong 
http://puck.nether.net/bgp/leakinfo.cgi?search=do&search_prefix=&search_aspath=&search_asn=&recent=1000&source=nanog20130312
I know I see lots of these cases of intentional filtering gone wrong.
eg: XO(2828) routes being leaked via a customer to Cogent(174)
I didn't see anything related to 27048 in the past few years history at all, but there is bad filtering all over the place.
Please combine as-path filtering with your traditional prefix-list filtering as well to block these as-paths.
- Jared