Hi Ronald,

It seems like a route leak to RIS or something similar like Isolario, rt-bgp.he.net.

Neither of its upstreams will accept 213.0.0.0/8 so it won't affect the Internet.

Regards,
Siyuan Miao

 

On Sun, Apr 7, 2019 at 2:16 PM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:

I guess that I have a lot to learn yet about routing.  Maybe some of you
folks will yet again take pity on me and explain this to me.

From where I am sitting it appears that AS12445 is announcing a route to
all of 213.0.0.0/8.  (I only happened to find out about this because,
as it happens there are some spamming inside of 213.0.0.0/8.)

Anyway, this is my reference source:

    https://bgp.he.net/AS12445#_prefixes

I did think that I should try to just email the official contacts AS12445
privately to inquire about this, and so I sent email to all three of
the contact email addresses listed in the RIPE WHOIS record for AS12445,
but as you can all see below, that didn't really work out very well.

Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to
allow random networks to announce routes to entire /8s (or larger) that
don't actually belong to them.

It is hard for me to tell how long this has been ongoing in the case of
this specific prefix and this specific ASN.  If anyone else can illuminate
me regarding that, then I would appreciate it.


------- Forwarded Message

Return-Path: <>
X-Original-To: rfg@tristatelogic.com
Delivered-To: rfg@tristatelogic.com
Received: by segfault.tristatelogic.com (Postfix)
        id 323DF3AFF4; Sat,  6 Apr 2019 22:57:35 -0700 (PDT)
Date: Sat,  6 Apr 2019 22:57:35 -0700 (PDT)
From: MAILER-DAEMON@tristatelogic.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: rfg@tristatelogic.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com"
Message-Id: <20190407055735.323DF3AFF4@segfault.tristatelogic.com>

This is a MIME-encapsulated message.

--8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host segfault.tristatelogic.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<galasso@selenebs.it>: host
    selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
    [galasso@selenebs.it]: Recipient address rejected: Access denied
    [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
    command)

<gvinetti@selenebs.it>: host
    selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
    [gvinetti@selenebs.it]: Recipient address rejected: Access denied
    [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
    command)

--8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; segfault.tristatelogic.com
X-Postfix-Queue-ID: 8E09A3AEF2
X-Postfix-Sender: rfc822; rfg@tristatelogic.com
Arrival-Date: Sat,  6 Apr 2019 22:57:32 -0700 (PDT)

Final-Recipient: rfc822; galasso@selenebs.it
Original-Recipient: rfc822;galasso@selenebs.it
Action: failed
Status: 5.4.1
Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
Diagnostic-Code: smtp; 550 5.4.1 [galasso@selenebs.it]: Recipient address
    rejected: Access denied
    [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]

Final-Recipient: rfc822; gvinetti@selenebs.it
Original-Recipient: rfc822;gvinetti@selenebs.it
Action: failed
Status: 5.4.1
Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
Diagnostic-Code: smtp; 550 5.4.1 [gvinetti@selenebs.it]: Recipient address
    rejected: Access denied
    [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]

--8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Return-Path: <rfg@tristatelogic.com>
Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
        by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2;
        Sat,  6 Apr 2019 22:57:32 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: gvinetti@selenebs.it, galasso@selenebs.it, abuse@selenebs.it
Subject: 213.0.0.0/8
Date: Sat, 06 Apr 2019 22:57:32 -0700
Message-ID: <32415.1554616652@segfault.tristatelogic.com>


Greetings,

I was wondering if you people could explain to me why your ASN (AS12445)
is announcing a route at all of 213.0.0.0/8.

I don't think that your network has been assigned that entire huge block
of IPv4 addresses or that all of that IPv4 space belongs to you.

Do you disagree?


https://bgp.he.net/AS12445#_prefixes



--8E09A3AEF2.1554616655/segfault.tristatelogic.com--

------- End of Forwarded Message