North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: odd hijack

  • From: Josh Karlin
  • Date: Fri Nov 10 01:04:12 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=FCBlS+jlNf5ccyh3A9cabwkmcfyREecoGBiy/npEmCiQlM4a3CoAwSNxB689eATjG2rYI+QM2XqNuoq0Irm/lD6BZcu+foUD1SH0B9vEo799xg+t5e/PIRJyd9IaWbkZnEjQ26Ou3Xrd2yZX8/62xrFehHpPY+ixWetgfKXi6R8=

Wouldn't they want to hijack more specifics to spam?  I doubt much of
that space is going to correctly route for spamming purposes.

On 11/9/06, Hank Nussbacher <[email protected]> wrote:
On Thu, 9 Nov 2006, Josh Karlin wrote:

> Here is one that is somewhat the opposite, the AS announced a
> significant portion of IANA allocated space.  Note, they are large
> blocks and as such probably did not cause much damage because most
> networks announce more specifics.  My question to the community is,
> what kind of misconfiguration could cause this set of prefixes to be
> announced?   I asked the AS responsible, but have not had a response.

Misconfiguration? :-)  That's a nice word for spammer.  See Joe's PPT at:

AS29449 is not the problem.  It is the upstreams of AS5602 (KPNQwest
Italia) and AS286 (KPN) that let this crap leak.

-Hank Nussbacher