prefix hijack by ASN 8997

------ tme@multicasttech.com wrote: ----------

So, do you think this was lots of little tests / hijacks / mistakes?
Or did it just not propagate very far?

Note that my bgp was through Cogent - my guess is they did filter.

Marshall

Scott Weeks wrote:

------ tme@multicasttech.com wrote: ----------
From: Marshall Eubanks <tme@multicasttech.com>

So, do you think this was lots of little tests / hijacks / mistakes? Or did it just not propagate very far?
---------------------------------------------

According to Andree Toonk (and someone confirmed privately) ASN 8997 leaked a full table to ASN 3267 (who didn't filter!). The only upstream of ASN 3267 I saw in bgplay was ASN 174 (Cogent) who seems to have filtered, but I can't confirm. So I guess that the impact would've only been to the peers downstream of ASN 3267.

scott

---------------------------------------------
Andree Toonk <andree+nanog@toonk.nl>

Not a false positive. It actually was detected by the RIS box in Moscow (rrc13). Strange that it's not visible in the RIS search website, but it's definitely in the raw data files.
Looking at that raw data from both routeviews and Ripe, it looks like they (AS8997) 'leaked' a full table, i.e. :
----------------------------------------------

   I did some analysis of updates on routeviews.
The only routeviews peer I saw leaking the routes
was AS3277 (out of 42 peers). There were roughly
117,000 prefixes with origin AS8997 with the path
going through AS3267 to AS3277. The initial
announcements were seen at 09:29:32 UTC and
updates with the correct path were seen starting
at about 09:36:42 UTC (last ones seen at 09:43:42).

-Larry
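
Added example, not part of the original thread: a Python sketch of the kind of update analysis described in the last message, counting per collector peer the prefixes announced with a suspect origin behind a given transit AS and timing when they were next announced with a different origin. It assumes `bgpdump -m` one-line output; `leak_summary`, the sample records and every value other than AS8997, AS3267 and AS3277 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in `bgpdump -m` one-line format, trailing fields trimmed.
# Only AS8997, AS3267 and AS3277 come from the thread; prefixes, peer
# addresses, other ASNs and timestamps are placeholders.
SAMPLE = """\
BGP4MP|1000000172|A|198.51.100.1|3277|192.0.2.0/24|3277 3267 8997|IGP
BGP4MP|1000000172|A|198.51.100.1|3277|203.0.113.0/24|3277 3267 8997|IGP
BGP4MP|1000000175|A|198.51.100.9|64500|192.0.2.0/24|64500 64510|IGP
BGP4MP|1000000602|A|198.51.100.1|3277|192.0.2.0/24|3277 3267 64510|IGP
BGP4MP|1000001022|A|198.51.100.1|3277|203.0.113.0/24|3277 3267 64511|IGP
BGP4MP|1000001030|W|198.51.100.1|3277|198.51.100.0/24
"""

def leak_summary(lines, suspect_origin, via_as):
    """Per collector peer: count prefixes announced with suspect_origin behind
    via_as, and when each was next announced with a different origin."""
    leaked = defaultdict(dict)     # peer_as -> {prefix: first leak timestamp}
    corrected = defaultdict(dict)  # peer_as -> {prefix: first fix timestamp}
    for line in lines:
        f = line.strip().split("|")
        if len(f) < 7 or f[0] != "BGP4MP" or f[2] != "A":
            continue  # withdrawals, other record types, malformed lines
        ts, peer_as, prefix = int(float(f[1])), int(f[4]), f[5]
        path = f[6].split()
        if not path or not path[-1].isdigit():
            continue  # origin is an AS_SET or missing; cannot attribute
        if int(path[-1]) == suspect_origin and str(via_as) in path[:-1]:
            leaked[peer_as].setdefault(prefix, ts)
        elif prefix in leaked[peer_as]:
            corrected[peer_as].setdefault(prefix, ts)
    report = {}
    for peer_as, prefixes in leaked.items():
        if not prefixes:
            continue  # peer never carried the suspect origin
        fixes = corrected[peer_as].values()
        report[peer_as] = {
            "prefixes": len(prefixes),
            "first_seen": min(prefixes.values()),
            "first_fix": min(fixes, default=None),
            "last_fix": max(fixes, default=None),
        }
    return report

if __name__ == "__main__":
    print(leak_summary(SAMPLE.splitlines(), suspect_origin=8997, via_as=3267))
```
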