[nsp-sec] Cogent hijacking many Israeli IPs
Mike Tancsa
mike at sentex.net
Wed Apr 1 07:51:42 EDT 2009
At 07:06 AM 4/1/2009, Hank Nussbacher wrote:
>----------- nsp-security Confidential --------
>
>What started out this morning as just one /32 (192.116.154.209/32)
>being announced by AS174 - has now turned into a free-for-all with
>the following /32s being announced by AS174:
Are they announcing it or perhaps someone has injected those /32s
into their blackhole server by accident or design. I buy transit
from them and the packets get dropped in their core in Toronto
Canada, so I suspect the blackhole injection
% traceroute -n -q1 93.173.40.204
traceroute to 93.173.40.204 (93.173.40.204), 64 hops max, 40 byte packets
1 38.104.158.77 0.336 ms
2 154.54.5.85 0.488 ms
3 *
4 *
and from their Los Angeles looking glass, a similar behaviour.
Type escape sequence to abort.
Tracing the route to 93-173-40-204.bb.netvision.net.il (93.173.40.204)
1 gi1-47.224.mpd01.lax01.atlas.cogentco.com (66.250.4.5) 20 msec 4
msec 4 msec
2 te8-1.ccr01.lax01.atlas.cogentco.com (154.54.2.117) 0 msec 4 msec
te7-1.ccr02.lax01.atlas.cogentco.com (154.54.0.54) 4 msec
3 * * *
4 * * *
More information about the nsp-security
mailing list