[nsp-sec] Cogent hijacking many Israeli IPs
John Fraizer
john at op-sec.us
Wed Apr 1 09:25:01 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
sthaug at nethelp.no wrote:
> ----------- nsp-security Confidential --------
>
>> Are other ISPs seeing this or is it just a Cogent/Israeli thing? IAR is
>> showing lots of interesting announcements at Cogent:
>> http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
>>
>> Is IAR hosed or is Cogent?
>
> We peer with Cogent in Stockholm, and do *not* see these announcements.
> We see them on our transit from Telia, with the expected origin ASes.
> So, business as usual here...
>
> Steinar Haug, AS 2116
>
>
It's definitely Cogent leaking DDoS-RS data. I just spot-checked a
couple from our feed and sure enough, there is 174 leaking them:
2009-04-01 10:34:51 65334 12.176.2.53/32 12.128.0.0/9 7018 10565 174 65334
2009-04-01 10:34:51 65334 64.34.183.88/32 64.34.176.0/21 30099 13768
12050 10565 174 65334
So much for setting no-export. :(
John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with PCLinuxOS - http://enigmail.mozdev.org
iD8DBQFJ02st+16lRpJszIgRAlR3AJ9uTofFYniZ9LgGTaFFuZdBYtylXgCfcyVG
YOoX4AcBW8iN0b1TVZahPAQ=
=fyUc
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list