[tor-relays] Strange BGP activity with my node
Johan Nilsson
jn at 9999.se
Fri May 11 11:53:30 UTC 2018
> Your prefix: 204.17.32.0/19 <http://204.17.32.0/19>:
> > Prefix Description: GBLX-US-BGP Update time: 2018-05-09
> > 12:11 (UTC) Detected by #peers: 1 Detected prefix:
> > 204.17.56.42/32 <http://204.17.56.42/32> Announced by:
> > AS200005 (Asavie Technologies Limited) Upstream AS:
> > AS200005 (Asavie Technologies Limited) ASpath: 200005
> >
> I took a look through our BGP data and peering routers, and I didn't
> see the /32 being announced. I'm not saying it didn't happen, but
> rather it may not have carried very far. /32 prefix announcements
> rarely propagate very far. There are still a great many filters in
> place that restrict announcements more specific than /24 (or /21, or
> /19, or ...).
>
"#peers: 1" indicates only one of the peers with bgpmon.net saw it.
> It may be the case that this /32 prefix is a null route that leaked
> out, which we've seen happen somewhat frequently. The most notorious
> example was an attempted, and unwittingly leaked, null route in
> Pakistan (/24s, IIRC) that impacted YouTube.
>
> It appears Asavie does a bit of security and networking work, so
> possibly this is attributable to that?
>
DFRI saw the same notification for one exit address at the exact
same time. We also got a second identical notfication at 2018-05-09 12:17
(UTC).
Regards,
Johan
More information about the tor-relays
mailing list