BGP Update Report
BGP Update Report Interval: 16-Jun-06 -to- 29-Jun-06 (14 days) Observation Point: BGP Peering with AS4637 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS25543 25140 2.2% 739.4 -- FASONET-AS ONATEL/FasoNet's Autonomous System 2 - AS432320796 1.8% 15.8 -- TWTC - Time Warner Telecom, Inc. 3 - AS17974 15165 1.3% 40.2 -- TELKOMNET-AS2-AP PT TELEKOMUNIKASI INDONESIA 4 - AS17557 13081 1.1% 32.1 -- PKTELECOM-AS-AP Pakistan Telecom 5 - AS580310860 0.9% 119.3 -- DDN-ASNBLK - DoD Network Information Center 6 - AS702 9930 0.9% 13.3 -- AS702 MCI EMEA - Commercial IP service provider in Europe 7 - AS8452 8707 0.8% 51.5 -- TEDATA TEDATA 8 - AS6198 8542 0.7% 17.2 -- BATI-MIA - BellSouth Network Solutions, Inc 9 - AS156118514 0.7% 92.5 -- Iranian Research Organisation 10 - AS3475 8128 0.7% 478.1 -- LANT-AFLOAT - NCTAMS LANT DET HAMPTON ROADS 11 - AS174517781 0.7% 158.8 -- BIZNET-AS-AP BIZNET ISP 12 - AS4755 6335 0.6% 13.3 -- VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System 13 - AS4621 6320 0.6% 47.2 -- UNSPECIFIED UNINET-TH 14 - AS239186298 0.6% 48.4 -- CBB-BGP-IBARAKI Connexion By Boeing Ibaraki AS 15 - AS101396214 0.5% 25.8 -- MERIDIAN-PH-AP Meridian Telekoms 16 - AS337836196 0.5% 59.0 -- EEPAD 17 - AS256205986 0.5% 64.4 -- COTAS LTDA. 18 - AS154755891 0.5% 47.5 -- NOL Nile Online 19 - AS2386 5885 0.5% 6.4 -- INS-AS - ATT Data Communications Services 20 - AS168145833 0.5% 17.7 -- NSS S.A. TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS210274256 0.4%4256.0 -- ASN-PARADORES PARADORES Autonomous System 2 - AS3043 3251 0.3%3251.0 -- AMPHIB-AS - Amphibian Media Corporation 3 - AS4678 2837 0.2%2837.0 -- FINE CANON NETWORK COMMUNICATIONS INC. 4 - AS260152227 0.2%2227.0 -- THINKORSWIM - Thinkorswim inc 5 - AS353792800 0.2%1400.0 -- EASYNET EASYNET s.c. 6 - AS125061223 0.1%1223.0 -- JTCGN Jamestown US-Immobilien GmbH 7 - AS39863 999 0.1% 999.0 -- CROSSNET Crossnet LLC 8 - AS34378 936 0.1% 936.0 -- RUG-AS Razguliay-UKRROS Group 9 - AS12408 844 0.1% 844.0 -- BIKENT-AS Bikent Ltd. Autonomous system 10 - AS144104186 0.4% 837.2 -- DALTON - MCM, Inc., DBA: [EMAIL PROTECTED] 11 - AS36565 836 0.1% 836.0 -- COUNTY-OF-MONTGOMERY-PA - County of Montgomery 12 - AS25543 25140 2.2% 739.4 -- FASONET-AS ONATEL/FasoNet's Autonomous System 13 - AS23986 678 0.1% 678.0 -- MR-AS-AP-HK Mediaring HK 14 - AS195291215 0.1% 607.5 -- RAZOR-PHL - Razor Inc. 15 - AS19908 564 0.1% 564.0 -- HOENIGRYENY9149359000 - Hoenig Co., Inc. 16 - AS141692255 0.2% 563.8 -- MEAD - MEAD CORPORATION 17 - AS24896 547 0.1% 547.0 -- UKRINTELL-AS IntellCOM Provider LIR, Kiev, Ukraine Northern Nowhere 18 - AS9157 1045 0.1% 522.5 -- SAO-RAS SAO-RAS AS 19 - AS14548 486 0.0% 486.0 -- LISTEN-SF-1 - Listen.com 20 - AS3475 8128 0.7% 478.1 -- LANT-AFLOAT - NCTAMS LANT DET HAMPTON ROADS TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 203.112.154.0/24 4904 0.4% AS17783 -- SRILRPG-AS SRIL RPG Autonomous System AS9476 -- INTRAPOWER-AS-AP Intrapower 2 - 62.81.240.0/24 4256 0.3% AS21027 -- ASN-PARADORES PARADORES Autonomous System 3 - 152.74.0.0/16 4088 0.3% AS11340 -- Red Universitaria Nacional 4 - 209.140.24.0/243251 0.2% AS3043 -- AMPHIB-AS - Amphibian Media Corporation 5 - 61.0.0.0/8 2850 0.2% AS4678 -- FINE CANON NETWORK COMMUNICATIONS INC. AS9476 -- INTRAPOWER-AS-AP Intrapower 6 - 198.92.192.0/212727 0.2% AS16559 -- REALCONNECT-01 - RealConnect, Inc 7 - 65.175.45.0/24 2227 0.2% AS26015 -- THINKORSWIM - Thinkorswim inc 8 - 209.160.56.0/222037 0.1% AS14361 -- HOPONE-DCA - HopOne Internet Corporation 9 - 159.124.160.0/19 1786 0.1% AS14169 -- MEAD - MEAD CORPORATION 10 - 206.251.163.0/24 1660 0.1% AS4314 -- I-55-INTERNET-SERVICES-INC - I-55 INTERNET SERVICES 11 - 195.28.178.0/231400 0.1% AS35379 -- EASYNET EASYNET s.c. 12 - 193.239.244.0/23 1400 0.1% AS35379 -- EASYNET EASYNET s.c. 13 - 195.85.226.0/241223 0.1% AS12506 -- JTCGN Jamestown US-Immobilien GmbH 14 - 208.0.225.0/24 1132 0.1% AS11139 -- CWRIN CW BARBADOS 15 -
The Cidr Report
This report has been generated at Fri Jun 30 21:48:24 2006 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
23-06-06187830 123329
24-06-06188063 123300
25-06-06188006 123398
26-06-06188124 123282
27-06-06188035 123379
28-06-06188211 123235
29-06-06188144 123326
30-06-06188207 123856
AS Summary
22426 Number of ASes in routing system
9381 Number of ASes announcing only one prefix
1470 Largest number of prefixes announced by an AS
AS7018 : ATT-INTERNET4 - ATT WorldNet Services
91696896 Largest address span announced by an AS (/32s)
AS721 : DISA-ASNBLK - DoD Network Information Center
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 30Jun06 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 188831 1237196511234.5% All ASes
AS4323 1324 273 105179.4% TWTC - Time Warner Telecom,
Inc.
AS4134 1212 273 93977.5% CHINANET-BACKBONE
No.31,Jin-rong Street
AS18566 945 158 78783.3% COVAD - Covad Communications
Co.
AS4755 941 222 71976.4% VSNL-AS Videsh Sanchar Nigam
Ltd. Autonomous System
AS721 1020 316 70469.0% DISA-ASNBLK - DoD Network
Information Center
AS22773 667 47 62093.0% CCINET-2 - Cox Communications
Inc.
AS6197 1017 486 53152.2% BATI-ATL - BellSouth Network
Solutions, Inc
AS7018 1470 943 52735.9% ATT-INTERNET4 - ATT WorldNet
Services
AS9498 682 178 50473.9% BBIL-AP BHARTI BT INTERNET
LTD.
AS855572 74 49887.1% CANET-ASN-4 - Aliant Telecom
AS19916 563 65 49888.5% ASTRUM-0001 - OLM LLC
AS19262 673 187 48672.2% VZGNI-TRANSIT - Verizon
Internet Services Inc.
AS17488 519 56 46389.2% HATHWAY-NET-AP Hathway IP Over
Cable Internet
AS3602 526 105 42180.0% AS3602-RTI - Rogers Telecom
Inc.
AS18101 421 28 39393.3% RIL-IDC Reliance Infocom Ltd
Internet Data Centre,
AS15270 435 52 38388.0% AS-PAETEC-NET - PaeTec.net -a
division of
PaeTecCommunications, Inc.
AS17676 490 110 38077.6% JPNIC-JP-ASN-BLOCK Japan
Network Information Center
AS11492 642 264 37858.9% CABLEONE - CABLE ONE
AS6198 601 243 35859.6% BATI-MIA - BellSouth Network
Solutions, Inc
AS4766 656 306 35053.4% KIXS-AS-KR Korea Telecom
AS22047 419 77 34281.6% VTR BANDA ANCHA S.A.
AS812370 30 34091.9% ROGERS-CABLE - Rogers Cable
Inc.
AS6467 388 49 33987.4% ESPIRECOMM - Xspedius
Communications Co.
AS16852 357 51 30685.7% FOCAL-CHICAGO - Focal Data
Communications of Illinois
AS8151 712 426 28640.2% Uninet S.A. de C.V.
AS16814 328 44 28486.6% NSS S.A.
AS3352 305 30 27590.2% TELEFONICA-DATA-ESPANA
Internet Access Network of
TDE
AS5668 528 256 27251.5% AS-5668 - CenturyTel Internet
Holdings, Inc.
AS6167 356 89 26775.0% CELLCO-PART - Cellco
Partnership
AS14654 282
Re: Fanless x86 Server Recommendations
Joe Abley [EMAIL PROTECTED] writes: On 29-Jun-2006, at 14:25, Ray Van Dolson wrote: We're looking to acquire a couple small servers that can act as routers for us at remote locations. How small? :-) http://www.compulab.co.il/x270/html/x270-cm-datasheet.htm He wants x86; those are Xscale which is pronounced ARM. Besides, people like those x270 boards and think they're cool. Ray specified fanless machines. I'm not sure why he wants hardware that nobody likes, but maybe he's worried about theft in his deployment environment. ---Rob
Re: Fanless x86 Server Recommendations
At 02:25 PM 29/06/2006, Ray Van Dolson wrote: We're looking to acquire a couple small servers that can act as routers for us at remote locations. To minimize hardware issues, I'd love to get something that has no fans, can still run a fairly decent processor and preferably no hard drive (easy with an IDE CF adapter). It would need a couple PCI slots for quad port ethernet cards and a fairly robust tolerance to temperature variations. Many mini-itx boxes dont have 2 PCI slots. You might be better going with a mini-itx solution and then use a small switch and trunk the NIC to act as a VLAN router. We have been using various embedded devices from Commell (http://www.commell.com.tw/Product/SBC/LV-667.HTM). They seem to work well and can deal with 45C operating temps and have decent hardware watchdog support (FreeBSD version at http://www.tancsa.com/watchdog/). ---Mike
Re: Fanless x86 Server Recommendations
* Mike Tancsa: Many mini-itx boxes dont have 2 PCI slots. You might be better going with a mini-itx solution and then use a small switch and trunk the NIC to act as a VLAN router. Are there any fanless routers with proper 802.1Q support (with ingress VLAN tag filtering, for instance)?
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 01 Jul, 2006 Analysis Summary BGP routing table entries examined: 191157 Prefixes after maximum aggregation: 105349 Unique aggregates announced to Internet: 93642 Total ASes present in the Internet Routing Table: 22571 Origin-only ASes present in the Internet Routing Table: 19635 Origin ASes announcing only one prefix:9426 Transit ASes present in the Internet Routing Table:2936 Transit-only ASes present in the Internet Routing Table: 63 Average AS path length visible in the Internet Routing Table: 3.5 Max AS path length visible: 24 Max AS path prepend of ASN (32609) 16 Prefixes from unregistered ASNs in the Routing Table: 2 Unregistered ASNs in the Routing Table: 3 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space: 9 Number of addresses announced to Internet: 1538359784 Equivalent to 91 /8s, 177 /16s and 129 /24s Percentage of available address space announced: 41.5 Percentage of allocated address space announced: 60.0 Percentage of available address space allocated: 69.1 Total number of prefixes smaller than registry allocations: 94478 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:41147 Total APNIC prefixes after maximum aggregation: 16948 Prefixes being announced from the APNIC address blocks: 38854 Unique aggregates announced from the APNIC address blocks:18463 APNIC Region origin ASes present in the Internet Routing Table:2619 APNIC Region origin ASes announcing only one prefix:745 APNIC Region transit ASes present in the Internet Routing Table:397 Average APNIC Region AS path length visible:3.5 Max APNIC Region AS path length visible: 18 Number of APNIC addresses announced to Internet: 234924896 Equivalent to 14 /8s, 0 /16s and 171 /24s Percentage of available APNIC address space announced: 73.5 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911 APNIC Address Blocks 58/7, 60/7, 121/8, 122/7, 124/7, 126/8, 202/7 210/7, 218/7, 220/7 and 222/8 ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes: 97722 Total ARIN prefixes after maximum aggregation:58080 Prefixes being announced from the ARIN address blocks:71582 Unique aggregates announced from the ARIN address blocks: 27003 ARIN Region origin ASes present in the Internet Routing Table:10808 ARIN Region origin ASes announcing only one prefix:4083 ARIN Region transit ASes present in the Internet Routing Table: 991 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 19 Number of ARIN addresses announced to Internet: 294963200 Equivalent to 17 /8s, 148 /16s and 200 /24s Percentage of available ARIN address space announced: 76.4 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863, 39936-40959 ARIN Address Blocks24/8, 63/8, 64/5, 72/6, 76/8, 199/8, 204/6, 208/7 and 216/8 RIPE Region Analysis Summary Prefixes being announced by RIPE Region ASes: 38343 Total RIPE prefixes after maximum aggregation:25693 Prefixes being announced from the RIPE address blocks:35391 Unique aggregates announced from the RIPE address blocks: 23902 RIPE Region origin ASes present in the Internet Routing Table: 8219 RIPE Region origin ASes announcing only one prefix:4320 RIPE Region transit ASes present in the Internet Routing Table:1357 Average RIPE Region AS path
DNS Based Load Balancers
I'm soliciting recommendations for DNS based load balancers. Currently, we have Cisco Global Site Selectors deployed buy have reached a limit for the number of active HTTP HEAD checks we can perform. This lack of scalability is restricting us severely with regards to the number of customers we can deploy for our product, which requires a separate HTTP HEAD check per IP per customer. I am hoping to receive recommendations for devices which allow for DNS based load balancing (round robin and proximity based) as well as HTTP health checks (including content based health checks). It must be scalable to, at least, 2000 active checks and active answers. I am currently investigating the Netscaler DNS offering as well as F5's 3DNS (or whatever they've changed the name to).
Re: DNS Based Load Balancers
F5 BigIP appears quite good. If you add their 3DNS software, you get wide-IP's as well. -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Drone Armies CC Report - 30 Jun 2006
This is a periodic public report from the ISOTF's affiliated group 'DA' (Drone Armies (botnets) research and mitigation mailing list / TISF DA) with the ISOTF affiliated ASreport project (TISF / RatOut). For this report it should be noted that we base our analysis on the data we have accumulated from various sources, which may be incomplete. Any responsible party that wishes to receive reports of botnet command and control servers on their network(s) regularly and directly, feel free to contact us. For purposes of this report we use the following terms openthe host completed the TCP handshake closed No activity detected reset issued a RST This month's survey is of 3420 unique, domains (or IPs) with port suspect CCs. This list is extracted from the BBL which has a historical base of 10579 reported CCs. Of the suspect CCs surveyed, 624 reported as Open, 1110 reported as closed, and 580 issued resets to the survey instrument. Of the CCs listed by domain name in the our CC database, 4778 are mitigated. Top 20 ASNes by Total suspect domains mapping to a host in the ASN. These numbers are determined by counting the number of domains which resolve to a host in the ASN. We do not remove duplicates and some of the ASNs reported have many domains mapping to a single IP. Note the Percent_resolved figure is calculated using only the Total and Open counts and does not represent a mitigation effectiveness metric. Percent_ ASN Responsible Party Total OpenResolved 19318 NJIIX-AS-1 - NEW JERSEY INTERN 75 13 83 23522 CIT-FOONET 51 19 63 13301 UNITEDCOLO-AS Autonomous System of 51 14 73 4766 KIXS-AS-KR 39 14 64 4134 CHINANET-BACKBONE 27 14 48 9318 HANARO-AS 26 8 69 4314 IIS-64 I-55 INTERNET SERVICES 26 2 92 7132 SBC Internet Services 25 6 76 33597 InfoRelay Online Systems, Inc. 24 0100 8560 SCHLUND-AS 24 6 75 4837 CHINA169-Backbone 23 10 57 3561 Savvis 22 2 91 30315 Everyones Internet 22 10 55 13749 EVRY Everyones Internet21 1 95 1659 ERX-TANET-ASN1 21 6 71 174 Cogent Communications 20 13 35 13237 LAMBDANET-AS 20 15 25 13213 UK2NET-AS UK-2 Ltd Autonomous Syste20 0100 21840 SAGONE Sago Networks 19 3 84 29073 COLINKS-AS Colinks web and game hos19 18 5 Top 20 ASNes by number of active suspect CCs. These counts are determined by the number of suspect domains or IPs located within the ASN completed a connection request. Percent_ ASN Responsible Party Total OpenResolved 23522 CIT-FOONET 51 19 63 29073 COLINKS-AS Colinks web and game hos19 18 5 13237 LAMBDANET-AS 20 15 25 4766 KIXS-AS-KR 39 14 64 13301 UNITEDCOLO-AS Autonomous System of 51 14 73 4134 CHINANET-BACKBONE 27 14 48 19318 NJIIX-AS-1 - NEW JERSEY INTERN 75 13 83 174 Cogent Communications 20 13 35 30315 Everyones Internet 22 10 55 4837 CHINA169-Backbone 23 10 57 10032 HGC-AS-AP Hutchison Global Crossing11 10 9 9911 CONNECTPLUS-AP Singapore Telecom 13 10 23 35908 Krypt Technologies Inc.13 9 31 36263 forona.10 8 20 9318 HANARO-AS 26 8 69 9600 SONY CORPORATION7 7 0 16265 LEASEWEB AS13 7 46 18942 WEBHO-3 WebHostPlus Inc 7 6 14 1659 ERX-TANET-ASN1 21 6 71 12322 PROXAD AS for Proxad ISP7 6 14 Randal Vaughn Gadi Evron Professor ge at linuxbox.org Baylor University Waco, TX (254) 710 4756 randy_vaughn at baylor.edu
