Large number of IPv6 bogons with spoofed ASpath

2010-06-12 Thread Andree Toonk

Hi List

Yesterday I noticed a large number of 'bogon' IPv6 announcements.
I think it was about 100 different (IPv6) bogon prefixes [1] [2] being 
announced from what looks like a variety of origin ASns.


Being the administrator of one of these ASns, I'm quite confident that 
we were not actually announcing this prefix (f006:9000::/24).


Looking more carefully at the data, it looks like the Origin AS / 
ASpaths are spoofed. I suspect it's just one person/organization 
somewhere in AS174 or AS3257 network which is announcing these bogons 
prepending it with different ASns.


Does anyone have an idea what this could be? Someone doing some kind of 
an experiment?


I summarized my observations here: http://bgpmon.net/blog/?p=299

If anyone has more info about this, please let me know as I am 
interested to learn more about this.


Thanks,
 Andree

[1] http://www.bgpmon.net/showbogons.php?inet=6
[2] http://bit.ly/cH1INE







Re: Large number of IPv6 bogons with spoofed ASpath

2010-06-12 Thread William F. Maton Sotomayor

On Sat, 12 Jun 2010, Andree Toonk wrote:


> Hi List
>
> Yesterday I noticed a large number of 'bogon' IPv6 announcements.
> I think it was about 100 different (IPv6) bogon prefixes [1] [2] being 
> announced from what looks like a variety of origin ASns.


I have seen 1000::/32 come in once in a while, but I've noticed that it's 
hard to catch where this is coming from.  But I've not seen the 
others.


But it does point to the larger lesson that just because it is IPv6, it 
doesn't mean that prefix-filters (and other tools) aren't required like in 
IPv4.


wfms
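
The two checks discussed in this thread, as an added example that is not part of either message: a coarse IPv6 bogon test of the kind a prefix filter applies, and a tally of which transit ASNs sit in front of many different origins on bogon routes. The update list, the prefix f00a:1000::/24, the 2a02:1234::/32 route and the 645xx ASNs (documentation range) are constructed sample data; treating everything outside 2000::/3 as a bogon is a simplifying assumption, since a production filter would also track unallocated space inside it.

```python
import ipaddress
from collections import defaultdict

# Assumption: coarse filter. Only 2000::/3 is global unicast space,
# and 2001:db8::/32 is reserved for documentation.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
DOCUMENTATION = ipaddress.ip_network("2001:db8::/32")

# Constructed sample: (prefix, AS path as seen at a collector).
# path[0] is the collector's peer, path[-1] is the claimed origin.
UPDATES = [
    ("f006:9000::/24",   [64496, 174, 64500]),
    ("f00a:1000::/24",   [64496, 174, 174, 64502]),  # prepended path
    ("1000::/32",        [64497, 3257, 64501]),
    ("2001:db8:10::/48", [64497, 3257, 64503]),
    ("2a02:1234::/32",   [64496, 64510, 64511]),     # not a bogon
]


def is_bogon(prefix):
    """Return True if an IPv6 prefix should never appear in the global table."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6:
        raise ValueError("IPv6 prefixes only")
    return not net.subnet_of(GLOBAL_UNICAST) or net.subnet_of(DOCUMENTATION)


def shared_upstreams(updates):
    """Map each transit ASN on bogon routes to the claimed origins behind it.

    Only ASNs with more than one distinct origin behind them are returned:
    many unrelated origins converging on one transit AS for bogon space is
    the pattern that suggests the origins are spoofed by a single source.
    """
    origins_behind = defaultdict(set)
    for prefix, path in updates:
        if not is_bogon(prefix):
            continue
        origin = path[-1]
        for asn in path[1:-1]:  # skip the collector peer and the origin
            origins_behind[asn].add(origin)
    return {a: sorted(o) for a, o in origins_behind.items() if len(o) > 1}


if __name__ == "__main__":
    for prefix, path in UPDATES:
        print(prefix, "BOGON" if is_bogon(prefix) else "ok", path)
    print(shared_upstreams(UPDATES))
```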