date:20080713

AS 54271

2008-07-13 Thread Marshall Eubanks


As of this morning, I am seeing BGP from AS 54271

* 62.77.196.0/22   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 62.77.254.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 81.17.184.0/22   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 81.17.190.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 82.131.196.0/23  38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 82.131.198.0/24  38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 82.131.248.0/21  38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.64.0/22   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.70.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.72.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.78.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.82.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.96.0/23   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i
* 89.148.99.0/24   38.101.161.1166991 0 174 3549  
3549 3549 12301 8696 20922 54271 i


This ASN has not been assigned to any RIR. Is this a bogon, or does
anyone know of a legitimate reason for this ?

Regards
Marshall

Re: AS 54271

2008-07-13 Thread Fredy Kuenzler


Patrick W. Gilmore schrieb:

On Jul 13, 2008, at 1:01 PM, Marshall Eubanks wrote:


As of this morning, I am seeing BGP from AS 54271


Maybe someone mistyped 65271? Which is still bad, but not at bad
(IMHO).


Interestingly, AS54271 is the last # of an unassigned block:


46080-47103Assigned by ARIN whois.arin.net2008-03-27
47104-48127Assigned by RIPE NCC whois.ripe.net2008-04-07
48128-54271Unassigned
54272-64511Reserved by the IANA
64512-65534Designated for private use (Allocated to the IANA)
65535  Reserved


http://www.iana.org/assignments/as-numbers

F.

Re: AS 54271

2008-07-13 Thread Jon Kibler

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marshall Eubanks wrote:
 As of this morning, I am seeing BGP from AS 54271
 
 * 62.77.196.0/22   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i

I would be willing to bet that the IP netblocks being advertised are
unallocated (or, unused within an allocated block). In the past, before
botnets were so common, spammers would often hijack unused netblocks,
advertise routes to them, flood spam from them, then the routes would
disappear, making it impossible to track the spammers.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkh6PNcACgkQUVxQRc85QlNYcACfWKl/jxJNlt3xcSmK3A1B5/kq
QF0An31R/cHv0U0/u+E7mU/0RvjN+evW
=2AIk
-END PGP SIGNATURE-




==
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Re: AS 54271

2008-07-13 Thread manolo

This ip space is from Bahrain 89.148.0.0/19 but some how has ended up in 
Hungary from an unknown owner. Definitely looks suspicious in my book.




Manolo



Joel Jaeggli wrote:

those prefixes all have ripe route object with origin AS 20922

all the routes I see for a given prefix look like the following:

  2914 1299 12301 8696 20922 54271
129.250.0.171 from 129.250.0.171 (129.250.0.12)
  Origin IGP, metric 1, localpref 100, valid, external
  Community: 2914:420 2914:2000 2914:3000 65504:1299

  2497 3257 12301 8696 20922 54271
202.232.0.2 from 202.232.0.2 (202.232.0.2)
  Origin IGP, localpref 100, valid, external

  7660 2516 3257 12301 8696 20922 54271
203.181.248.168 from 203.181.248.168 (203.181.248.168)
  Origin IGP, localpref 100, valid, external
  Community: 2516:1030

etc...

Marshall Eubanks wrote:

As of this morning, I am seeing BGP from AS 54271

* 62.77.196.0/22   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 62.77.254.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 81.17.184.0/22   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 81.17.190.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 82.131.196.0/23  38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 82.131.198.0/24  38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 82.131.248.0/21  38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.64.0/22   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.70.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.72.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.78.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.82.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.96.0/23   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i
* 89.148.99.0/24   38.101.161.1166991 0 174 3549 
3549 3549 12301 8696 20922 54271 i


This ASN has not been assigned to any RIR. Is this a bogon, or does
anyone know of a legitimate reason for this ?

Regards
Marshall

RE: AS 54271

2008-07-13 Thread Scott Morris

Wouldn't it be better to ask the folks in Hungary (AS20922) who are peering
with this site?

One side, I'd buy the typo.  Both sides, mutual typos are a little  more
difficult.

Not that conspiracy theories are all that much fun, but I'm finding the
one-sided mistake hard to believe.  Either that or the folks at AS20922
haven't figured out that an open bgp peer isn't a great idea!  :)

Scott 

-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED] 
Sent: Sunday, July 13, 2008 1:36 PM
To: Marshall Eubanks
Cc: NANOG list
Subject: Re: AS 54271

those prefixes all have ripe route object with origin AS 20922

all the routes I see for a given prefix look like the following:

   2914 1299 12301 8696 20922 54271
 129.250.0.171 from 129.250.0.171 (129.250.0.12)
   Origin IGP, metric 1, localpref 100, valid, external
   Community: 2914:420 2914:2000 2914:3000 65504:1299

   2497 3257 12301 8696 20922 54271
 202.232.0.2 from 202.232.0.2 (202.232.0.2)
   Origin IGP, localpref 100, valid, external

   7660 2516 3257 12301 8696 20922 54271
 203.181.248.168 from 203.181.248.168 (203.181.248.168)
   Origin IGP, localpref 100, valid, external
   Community: 2516:1030

etc...

Marshall Eubanks wrote:
 As of this morning, I am seeing BGP from AS 54271
 
 * 62.77.196.0/22   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 62.77.254.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 81.17.184.0/22   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 81.17.190.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 82.131.196.0/23  38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 82.131.198.0/24  38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 82.131.248.0/21  38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.64.0/22   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.70.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.72.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.78.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.82.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.96.0/23   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 * 89.148.99.0/24   38.101.161.1166991 0 174 3549 
 3549 3549 12301 8696 20922 54271 i
 
 This ASN has not been assigned to any RIR. Is this a bogon, or does 
 anyone know of a legitimate reason for this ?
 
 Regards
 Marshall

Re: AS 54271

2008-07-13 Thread Christian Koch

interestingly,  before july 7th these prefixes were originating from another
private as - 65501, until sometime that day routes were withdrawn from 65501
and began being announced from 54271...



On Sun, Jul 13, 2008 at 4:10 PM, Joel Jaeggli [EMAIL PROTECTED] wrote:

 Scott Morris wrote:

 Wouldn't it be better to ask the folks in Hungary (AS20922) who are
 peering
 with this site?


 These are or appear to be all 20922's prefixes...

 54271 is a stub from my vantage points that only appears from behind 20992.

  One side, I'd buy the typo.  Both sides, mutual typos are a little  more
 difficult.


 looks more like a lack of clue. off-hand I'd hazard that only one party is
 involved.


  Not that conspiracy theories are all that much fun, but I'm finding the
 one-sided mistake hard to believe.  Either that or the folks at AS20922
 haven't figured out that an open bgp peer isn't a great idea!  :)

 Scott
 -Original Message-
 From: Joel Jaeggli [mailto:[EMAIL PROTECTED] Sent: Sunday, July 13, 2008
 1:36 PM
 To: Marshall Eubanks
 Cc: NANOG list
 Subject: Re: AS 54271

 those prefixes all have ripe route object with origin AS 20922

 all the routes I see for a given prefix look like the following:

   2914 1299 12301 8696 20922 54271
 129.250.0.171 from 129.250.0.171 (129.250.0.12)
   Origin IGP, metric 1, localpref 100, valid, external
   Community: 2914:420 2914:2000 2914:3000 65504:1299

   2497 3257 12301 8696 20922 54271
 202.232.0.2 from 202.232.0.2 (202.232.0.2)
   Origin IGP, localpref 100, valid, external

   7660 2516 3257 12301 8696 20922 54271
 203.181.248.168 from 203.181.248.168 (203.181.248.168)
   Origin IGP, localpref 100, valid, external
   Community: 2516:1030

 etc...

 Marshall Eubanks wrote:

 As of this morning, I am seeing BGP from AS 54271

 * 62.77.196.0/22   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 62.77.254.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 81.17.184.0/22   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 81.17.190.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 82.131.196.0/23  38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 82.131.198.0/24  38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 82.131.248.0/21  38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.64.0/22   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.70.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.72.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.78.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.82.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.96.0/23   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i
 * 89.148.99.0/24   38.101.161.1166991 0 174 3549
 3549 3549 12301 8696 20922 54271 i

 This ASN has not been assigned to any RIR. Is this a bogon, or does
 anyone know of a legitimate reason for this ?

 Regards
 Marshall








-- 
^christian$

AS 54271

Re: AS 54271

Re: AS 54271

Re: AS 54271

RE: AS 54271

Re: AS 54271

6 matches

Site Navigation

Mail list logo

Footer information