|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: odd hijack
> My question to the community is, > what kind of misconfiguration could cause this set of prefixes to be > announced? > 11.0.0.0/8 > 12.0.0.0/7 > 121.0.0.0/8 > 122.0.0.0/7 > 124.0.0.0/7 > 126.0.0.0/8 > 128.0.0.0/3 etc ... This looks to me like some large multinational leaked their internal announcements to an ISP. It is not unusual for large companies to use random unregistered /8 blocks in their internal networks. There are all kinds of applications that need to talk across networks which do not need any Internet connectivity or any direct connectivity to general use workstations. This network traffic would normally be hidden inside some kind of VPN on the same infrastructure as other corporate traffic. So to answer your question, first look for all the ways that a misconfiguration could allow routing information to leak out of some flavor of VPN. --Michael Dillon
|