[tor-relays] Strange BGP activity with my node
jn at 9999.se
Fri May 11 11:53:30 UTC 2018
> Your prefix: 188.8.131.52/19 <http://184.108.40.206/19>:
> > Prefix Description: GBLX-US-BGP Update time: 2018-05-09
> > 12:11 (UTC) Detected by #peers: 1 Detected prefix:
> > 220.127.116.11/32 <http://18.104.22.168/32> Announced by:
> > AS200005 (Asavie Technologies Limited) Upstream AS:
> > AS200005 (Asavie Technologies Limited) ASpath: 200005
> I took a look through our BGP data and peering routers, and I didn't
> see the /32 being announced. I'm not saying it didn't happen, but
> rather it may not have carried very far. /32 prefix announcements
> rarely propagate very far. There are still a great many filters in
> place that restrict announcements more specific than /24 (or /21, or
> /19, or ...).
"#peers: 1" indicates only one of the peers with bgpmon.net saw it.
> It may be the case that this /32 prefix is a null route that leaked
> out, which we've seen happen somewhat frequently. The most notorious
> example was an attempted, and unwittingly leaked, null route in
> Pakistan (/24s, IIRC) that impacted YouTube.
> It appears Asavie does a bit of security and networking work, so
> possibly this is attributable to that?
DFRI saw the same notification for one exit address at the exact
same time. We also got a second identical notfication at 2018-05-09 12:17
More information about the tor-relays