On 7/13/13 12:31 PM, Lin Holcomb wrote:
My understanding is that there may be some rouge direct connected 44 address ranges out there too. This is from a friend at a national CATV/ISP provider. I don't remember the specifics but prior to the policy Change by AMPR regarding this allocation we found some of these in their AS. If memory serves some were in VK. This is some thing we really need to run down.... With 16million addresses this is a hard task to police. I am guessing that ISPs have whole groups that just deal with rouge networks in their IP space. Just running a scan is not going to work as most ISPs will shut ya down if you tried to scan a whole class A. It really needs to be looked at in a AS. Not Brian's at UCSD as his will be correct.
Well anyone running BGP with a full feed on their router can see what ASN's announce any netblock.
The bigger question I see is how do you reliably link all of 44/8 so everyone can see everyone else.
On 7/13/13 12:31 PM, Lin Holcomb wrote:
My understanding is that there may be some rogue direct connected 44 address ranges out there too.
As far as I know all subnets advertising portions of net 44 to the Internet core via BGP are known and accounted for.
We have active alarms to alert us to hijacks. - Brian
-
Brian Kantor -
Bryan Fields