Isn't this the second time that AS13214 seemed to have made a "unintentional misconfig"?
On Mon, May 11, 2009 at 3:05 PM, Ricardo Oliveira <rvel...@cs.ucla.edu>wrote: > Hi all, > > First, thanks for using Cyclops, and thanks for all the Cyclops users that > drop me a message about this. > > It seems some router in AS13214 decided to originate all the prefixes and > send them to AS48285 in the Caymans, all the ASPATHs are 48285 13214. > The first announcement was on 2009-05-11 11:03:11 UTC and last on > 2009-05-11 12:16:32 UTC, there were 266,289 prefixes leaked (they were > withdrawn afterwards) > > As indicated in the Cyclops alerts, only a single monitor(AS48285) in > route-views4 detected this leak. I checked on other neighbors of AS13214 and > they seem fine, so it seems it was only a single router issue. > > This incident shows the advantage of having a wide set of peers for > detection, it seems Cyclops was the only tool to detect this incident. Given > the amount of banks and financial institutions in the Caymans, i would > otherwise have raised a red flag, but it seems this case was an > unintentional misconfig by AS13214. > > Would appreciate any further comment on the tool, and happy cyclopying! > > --Ricardo > the Cyclops guy > http://cyclops.cs.ucla.edu > > > On May 11, 2009, at 8:30 AM, Jay Hennigan wrote: > > We're getting cyclops[1] alerts that AS13214 is advertising itself as >> origin for all of our prefixes. Their anomaly report shows thousands of >> prefixes originating there. >> >> Anyone else seeing evidence of this or being affected? >> >> >> [1] http://cyclops.cs.ucla.edu/ >> >> >> -- >> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net >> Impulse Internet Service - http://www.impulse.net/ >> Your local telephone and internet company - 805 884-6323 - WB6RDV >> > > > -- --sharlon
