[Rpki-discuss] Routing incidents and RPKI

ALAIN AINA aalain at afrinic.net
Tue May 29 20:32:28 SAST 2012


Hi,

Andrew asked for stats on IP blocks hijacking and BGP origin incidents that justify the needs for RPKI.

Here you go......

Apr 1997 – AS 7007 announced routes to all the Internet
Apr 1998 – AS 8584 mis-announced 100K routes
Dec 1999 – AT&T’s server network announced by another ISP – misdirecting their traffic (made the Wall Street Journal)
May 2000 – Sprint addresses announced by another ISP
Apr 2001 – AS 15412 mis-announced 5K routes
Dec 24, 2004 – thousands of networks misdirected to Turkey
Feb 10, 2005: Estonian ISP announced a part of Merit address space
Sep 9, 2005 – AT&T, XO and Bell South (12/8, 64/8, 65/8) misdirected to Bolivia [the next day, Germany – prompting AT&T to deaggregate]
Jan 22, 2006 – Many networks, including PANIX and Walrus Internet, misdirected to NY ISP (Con Edison (AS27506))
Feb 26, 2006 - Sprint and Verio briefly passed along TTNET (AS9121 again) announcements that it was the origin AS for 4/8, 8/8, and 12/8
Feb 24, 2008 –Pakistan Telecom announces /24 from YouTube
March 2008 – Kenyan ISP’s /24 announced by AboveNet
Frequent full table leaks, e.g., Sep08 (Moscow), Nov08 (Brazil), Jan09(Russia)
........

This  type of  incident occurs more frequently. Not all of them  are publicized ...


What about the unallocated and reserved blocks announcements ? see

http://thyme.rand.apnic.net/rviews/data-add-IANA
http://www.cidr-report.org/as2.0/#Bogons

On these lists there is an interesting case(affecting our resources):

http://smakd.potaroo.net/cgi-bin/per-prefix?prefix=41.222.79.0%2F24

The 41.222.79.0/24 is seen in the BGP table originated from AS36938

 Both AS36928 and the 41.222.72.0/21(coverage prefix) were reclaimed sometimes back in 2010.

For all defense,  we live with "routes origin monitoring, alert and collaborative fixing " and deaggregations. 


--Alain







More information about the Rpki-discuss mailing list