[nsp-sec] hijacked netspace

Danny McPherson danny at tcb.net
Wed Feb 27 02:28:19 EST 2008


On Feb 27, 2008, at 12:10 AM, Barry Greene (bgreene) wrote:

> ----------- nsp-security Confidential --------
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi Team,
>
> I'm working a post mortem on this leak. Taking assumptions we're making
> and getting into the details with the providers.
>
> I've found something I'm looking into. It looks like the origin of the
> leak was AS 38193 who leaked it to AS 38616 who then leaked it to AS
> 17557. The problem is that my initial looking into our historical
> announcements is not showing this advertisement.

All the data I've seen, including that from Renesys, the snippet below
posted to NANOG, and RIPE RIS indicate that AS 17557 was the AS that
originated the route, and PCCW (AS 3491) was the upstream adjacent
AS.

[from Sargun on NANOG]

701 3491 17557
    64.74.137.253 (metric 1) from 66.151.144.148 (66.151.144.148)
      Origin IGP, metric 100, localpref 100, valid, external
      Community: 65010:300
      Last update: Sun Feb 24 11:33:05 2008 [PST8PDT]
3491 17557
    216.218.135.205 from 216.218.135.205 (216.218.252.164)
      Origin IGP, metric 100, localpref 100, valid, external, best
      Last update: Sun Feb 24 10:47:57 2008 [PST8PDT]

[/]

http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml

http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=208.65.153.0/24&start=2008-02-24+18:46&end=2008-02-24+21:05

-danny
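
The reading of the AS paths discussed in this message, as an added example (not part of the original e-mail or written by its authors): it parses the quoted looking-glass output, takes the rightmost AS of each path as the origin and the AS to its left as the upstream, and checks whether the two ASNs suspected in the quoted text (38193, 38616) appear in any path. Function names are hypothetical.

```python
import re

# Looking-glass output copied from the message above (Sargun's NANOG post).
SNIPPET = """\
701 3491 17557
    64.74.137.253 (metric 1) from 66.151.144.148 (66.151.144.148)
      Origin IGP, metric 100, localpref 100, valid, external
      Community: 65010:300
      Last update: Sun Feb 24 11:33:05 2008 [PST8PDT]
3491 17557
    216.218.135.205 from 216.218.135.205 (216.218.252.164)
      Origin IGP, metric 100, localpref 100, valid, external, best
      Last update: Sun Feb 24 10:47:57 2008 [PST8PDT]
"""

AS_PATH_LINE = re.compile(r"^\d+( \d+)*$")  # unindented line of AS numbers

def parse_paths(text):
    """Return one dict per path entry: AS path, best flag, last update."""
    entries = []
    for line in text.splitlines():
        if AS_PATH_LINE.match(line):
            entries.append({"path": [int(a) for a in line.split()],
                            "best": False, "last_update": None})
        elif entries:
            body = line.strip()
            if body.startswith("Origin ") and body.endswith(", best"):
                entries[-1]["best"] = True
            elif body.startswith("Last update:"):
                entries[-1]["last_update"] = body.split(":", 1)[1].strip()
    return entries

def origin_and_upstream(path):
    """Origin is the rightmost AS; its upstream is the AS just left of it.
    Prepending repeats the origin, so skip repeats when walking left."""
    origin = path[-1]
    for asn in reversed(path):
        if asn != origin:
            return origin, asn
    return origin, None

def summarize(text, suspected=()):
    """Distinct (origin, upstream) pairs, plus any suspected ASNs seen in a path."""
    entries = parse_paths(text)
    pairs = {origin_and_upstream(e["path"]) for e in entries}
    seen = {a for e in entries for a in e["path"]}
    return {"pairs": pairs, "suspected_seen": sorted(set(suspected) & seen)}
```

On the quoted snippet both paths give the same origin and upstream pair, and neither suspected ASN appears in a path.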



