Re: [44net] Concerning over undocumented BGP announcements

Just wanted to double-check.. Is the spreadsheet ONLY the prefixes which don’t appear in the AMPR portal? (As my 44.136.201.0/24 is not appearing in that list, and it’s definitely appearing in BGP on lg.he.net :) ) I do agree on it being really bizarre that some regions only have a /16 listed in the portal, and none of their more specifics. That has thrown me a few times. Cheers, DG On Sun, 31 Jan 2021 at 1:36 pm, Nat Morris via 44Net <44net(a)mailman.ampr.org> wrote: > > Hello all, > > Over the last few months I have noticed some odd BGP announcements of > prefixes which have no allocations in the AMPRnet portal. After > spotting 5 or 6 of these it made me wonder how many existed. > > This evening I took a snapshot of the RIPE RIS data for announcements > within 44.0.0.0/9 and 44.128.0.0/10, which took place in 2021. Then > scraped the allocations from the AMPRnet portal, compared prefixes > directly and then used a radix tree to find a best match. > > The resulting data > https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd… > > At first glance there are some expected entries, for example users > with a /22 or /23 announcing a more specific /24. > > What really worries me is the amount of announcements of /24s where > the closest portal documented prefix is a /16. Are these being used > legitimately? do AMPR co-ordinators what details about them? or have > they been hijacked? > > Look for example at /24 announcements within country assignments, but > no specific description! > > I would like to start a discussion around these specific prefixes. > > The scripts I wrote are here https://github.com/natm/amprnet-observer > > Kind regards, > > Nat. > -- > Nat > > https://nat.ms > +44 7531 750292 > _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net