[nsp-sec] ARIN-REACHABILITY-TESTING
Bill Owens
owens at nysernet.org
Sat Jan 10 17:18:00 EST 2009
On Sat, Jan 10, 2009 at 07:01:44PM +0200, Hank Nussbacher wrote:
> ----------- nsp-security Confidential --------
>
> Can someone explain this block to me:
>
> NetRange: 173.0.0.0 - 173.0.255.255
. . .
> The reason I ask is I just got this alert from IAR:
> AS 378 is now announcing 173.0.5.0/24 which is historically announced by
> ASes: 3130.
> Time: Fri Jan 9 20:51:03 2009 GMT
> Observed path: 10565 2914 3130 378
>
> I did a lookup in http://cs.unm.edu/~karlinjf/IAR/search_prefix.php
> and came up with a bunch of faked ASNs (not just AS378):
One of our connectors had an IAR alert on a nearby netblock:
>AS 92 is now announcing 173.0.3.0/24 which is historically announced
>by ASes: 3130.
>Time: Fri Jan 9 18:23:31 2009 GMT
>Observed path: 10565 2914 3130 92
I'm hard-pressed to believe that Randy would do this intentionally, perhaps an experiment gone awry?
Bill.
- - -
Bill Owens
Director, Advanced Technology and Networks
NYSERNet, Inc.
More information about the nsp-security
mailing list