AS23456 is what you get if your system doesn't properly support 32-bit ASNs and an AS-PATH (or peer) uses a 32-bit ASN.
There should be an extended attribute on the route that contains the full 32-bit AS-PATH called AS4_PATH associated with any such routes. Arguably any route containing AS23456 without an AS4_PATH attribute is invalid and could be filtered. Unfortunately, routers that would display AS23456 instead of restoring the full 32-bit AS_PATH may not be able to identify this. A properly transmitted route from a 4-byte ASN will be recovered as follows: 91.217.86.0/23 *[BGP/170] 1w5d 09:11:37, MED 101, localpref 100 AS path: 8121 1299 3209 197269 I > to 192.124.40.129 via ge-0/0/0.0 OTOH, you may occasionally see artifacts like this (I don't know why): 91.217.87.0/24 *[BGP/170] 1w5d 09:10:16, MED 101, localpref 100 AS path: 8121 1299 174 23456 197269 I > to 192.124.40.129 via ge-0/0/0.0 But if you are seeing 23456 on an AS4 capable router without at least some indication of a 4-byte ASN in the path, it's probably fishy. On Feb 3, 2013, at 4:57 AM, Suresh Ramasubramanian <ops.li...@gmail.com> wrote: > At least the 103.x which are announced by airtel. The other netblocks (one > Indian and two brazilian) appear unrelated though also showing as23456 > > --srs (htc one x) > On 03-Feb-2013 6:12 PM, "Suresh Ramasubramanian" > <ops.li...@gmail.com<javascript:_e({}, 'cvml', > 'ops.li...@gmail.com');>> > wrote: > >> AS23456 is currently announcing a good few netblocks (which don't have a >> very good smtp reputation, by the way). >> >> Funny thing is, that's a special use ASN as per rfc4893, something about >> two octet ASNs that don't have a four octet representation. >> >> Only one upstream (airtelbroadband-as-ap, as24560) that I can see >> >>>> 103.7.204.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 103.14.208.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 103.23.124.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 103.30.12.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 103.245.112.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 111.235.148.0/22 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 177.55.249.0/24 Missing AS4_PATH -- Probably a spoofed/hijacked route >>>> 186.251.192.0/21 Missing AS4_PATH -- Probably a spoofed/hijacked route If you're motivated to pursue this, the best thing to do is probably to contact the last legitimate AS before 23456 in the AS-PATH and inquire. Owen