[nsp-sec] Cogent hijacking many Israeli IPs
Hank Nussbacher
hank at efes.iucc.ac.il
Wed Apr 1 10:04:54 EDT 2009
On Wed, 1 Apr 2009, John Fraizer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> sthaug at nethelp.no wrote:
>> ----------- nsp-security Confidential --------
>>
>>> Are other ISPs seeing this or is it just a Cogent/Israeli thing? IAR is
>>> showing lots of interesting announcements at Cogent:
>>> http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
>>>
>>> Is IAR hosed or is Cogent?
>>
>> We peer with Cogent in Stockholm, and do *not* see these announcements.
>> We see them on our transit from Telia, with the expected origin ASes.
>> So, business as usual here...
>>
>> Steinar Haug, AS 2116
>>
>>
>
>
> It's definitely Cogent leaking DDoS-RS data. I just spot-checked a
> couple from our feed and sure enough, there is 174 leaking them:
>
> 2009-04-01 10:34:51 65334 12.176.2.53/32 12.128.0.0/9 7018 10565 174 65334
>
> 2009-04-01 10:34:51 65334 64.34.183.88/32 64.34.176.0/21 30099 13768
> 12050 10565 174 65334
>
> So much for setting no-export. :(
Groan! Can someone bang on Cogent?
-Hank
>
> John
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with PCLinuxOS - http://enigmail.mozdev.org
>
> iD8DBQFJ02st+16lRpJszIgRAlR3AJ9uTofFYniZ9LgGTaFFuZdBYtylXgCfcyVG
> YOoX4AcBW8iN0b1TVZahPAQ=
> =fyUc
> -----END PGP SIGNATURE-----
>
More information about the nsp-security
mailing list