Sorry for top posting, but I fail to see how any of this is abuse related?
On Mon, 15 Apr 2019 04:39:10 +0100 "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
On Sun, Apr 14, 2019 at 06:30:50PM -0700, Ronald F. Guilmette wrote:
Even if I accept that one of these explanations is accurate and correct, I am still left with one question: Who is "they" in this context?
If it's a leaked internal private ASN, the next ASN upstream in the path should be the correct one. So, in essence, they are doing it to themselves.
It could also actually be a private peering that was never supposed to be visible in the DFZ. IIRC it is common practice to use private ASNs for this. In which case it is the peer leaking it.
P.S. There are three reasons why I am not prepared to believe that this is all just some "fat fingered" or merely incompetent mistake. The first is the number of different national flags I am seeing on this page:
https://bgp.he.net/AS65000#_prefixes
That doesn't look much like an "internal network" to me!
It just means that a lot of networks leak private ASNs. Why does that surprise you?
But we can debate these points later on. First I'd like to know who "they" is. If somebody can figure out who "they" is in this context, then someone, perhaps even me, can shoot a polite and friendly inquiry via email to whatever "they" are actually doing this stuff, asking them what's up and how come they thought that it was a Good Idea to use a reserved ASN, and whether or not "they" plan to continue doing so.
"They" are the admins of the advertised networks (if this *is* failure-to-remove-private-ASNs)
But right now I can't even do that, because I have no idea who is actually responsible for any of this. If you do, then please do enlighten me.
Probably the actual owners of the advertised prefixes.
rgds, SL
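The attribution rule discussed in this thread (a private ASN visible in a path points at the next public ASN upstream, which propagated it without stripping it), as an added example that is not part of the original messages. The sample paths are constructed and use documentation ASNs (64496-64511) as stand-ins for public networks; the function names are hypothetical.

```python
# Added example: attribute private-use ASNs seen in BGP AS paths.
# Private-use ranges are from RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def parse_path(text):
    """Parse a space-separated AS path (collector side first, origin last)."""
    hops = []
    for tok in text.split():
        if not tok.isdigit():            # skip AS_SET tokens such as {64500,64501}
            continue
        asn = int(tok)
        if not hops or hops[-1] != asn:  # collapse AS-path prepending
            hops.append(asn)
    return hops


def find_leaks(text):
    """Return [(private_asn, nearest_public_asn_upstream_or_None), ...].

    The nearest public ASN toward the collector is the network that
    propagated the route without removing the private ASN. None means the
    private ASN is the first hop, i.e. it was learned directly from the peer.
    """
    leaks, last_public = [], None
    for asn in parse_path(text):
        if is_private(asn):
            leaks.append((asn, last_public))
        else:
            last_public = asn
    return leaks


# Constructed sample paths (documentation ASNs stand in for public ones).
SAMPLE_PATHS = [
    "64496 64497 65000 65000",   # private origin, prepended
    "64496 65010 64498",         # private peering visible mid-path
    "64496 64497 64498",         # clean path
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(path, "->", find_leaks(path))
```
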