[ brian lured me into the abuse circle; so reposting with routing ] interesting wg to do routing security analysis. as i do really not know the dod's or their proxy's motive(s), i can not say much about their tactics let alone strategy. i do know, and have actually seen and experienced, part of 11/8 being used as if it was 1918 space; ripe bologna was the first time. and the food in that town was fantastic! a /8 telescope would pick up leakage patterns as well as the current shotgun blast of announcements (i presume folk have looked at the actual announcements). i would naïvely think that the /8 might be slightly more easily analyzed than the pieces. maybe, as the telescope analysis shows focused leaks, they are trying to disrupt those focused uses with these focused announcements. but, if an op is using 11.12.666.0/23 internally, would they be careless enough to accept an exogenous announcement of that space? i guess i should not underestimate carelessness. is some random (small, i hope) isp using my address space internally as 1918 equivalent abusive, beyond their customers maybe not be able to reach my network? if so, maybe the vigilantes are looking in the wrong direction. randy --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery