SlideShare a Scribd company logo
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Misused Top ASNs
Analysis of AS1, AS2 and AS3 misuse!
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Officially allocated to...
AS 1 - Level3 Communications
AS 2 - University of Delaware
AS 3 - MIT
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
How they are “leaked” ?
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Reasons for leak...
● “Copy-paste” of sample prepend configuration “1 2 3”
● Mistakenly typing “1 2 or 3” in prepend rules in route
filter / export policy statement
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Impact of leak
Hard to determine statistically but ...
● Shows unexpected relationship of leaking AS with top ASN and among top ASNs!
● Considered to be “AS hijack” and bad for trust based BGP routing
● Can result in (wrongly prepended) announcement getting filtered across parts of internet
● Chances of broken connectivity of these routes with top ASNs network due to BGP loop
prevention
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
AS1 Graph V4
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
AS1 Peer V4
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Hunting for leakers...
● Analysis of routing table from multiple RIPE RIS collectors
● Analysis from 2010 to 2015
● Looking for cases where top ASNs appear in AS_PATH for routes which belong to other ASNs.
● Focus of top ASNs appearance with prepends in the routing table
● Assumption that except AS1, other two top ASNs aren’t transit provider (since belonging to
University)
● Leaks which appeared for less then 24hrs are not collected
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Distribution of appearance
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Distribution of leaks (IPv4 Vs IPv6)
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Some of who leaked AS1...
AS Number Start Date End Date Visibility in days
5927 22-Jul-2011 3-Dec-2011 134
7046 9-May-2010 11-Jun-2010 33
14758 25-Apr-2013 20-Jun-2013 56
21011 28-Jan-2013 5-Feb-2013 8
21219 28-Jan-2013 5-Feb-2013 8
26114 11-Jun-2013 22-Jul-2015 771
35819 23-Nov-2014 26-Nov-2014 3
40807 7-Jan-2010 24-Apr-2010 107
45899 1-Dec-2014 17-Apr-2015 137
49994 26-Nov-2013 29-Nov-2013 3
50113 31-May-2013 8-Jun-2013 8
51282 3-Nov-2010 19-Nov-2010 16
52931 3-Nov-2010 19-Nov-2010 16
55836 24-Nov-2014 26-Nov-2014 2
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Some of who leaked AS2...
AS Number Start Date End Date Visibility in days
12989 14-Oct-2014 26-Oct-2014 12
131211 19-May-2015 22-Jul-2015 64
131713 20-Apr-2015 4-Jun-2015 45
133219 6-Jul-2015 22-Jul-2015 16
17483 30-Jun-2010 7-Jul-2010 7
17658 7-Feb-2014 18-May-2015 465
197706 22-Sep-2011 25-Oct-2011 33
197790 7-Apr-2014 3-Jun-2014 57
197798 18-Jul-2013 26-Aug-2013 39
198040 2-Jan-2015 2-Feb-2015 31
23951 1-Feb-2011 23-Apr-2011 81
262587 29-May-2013 7-Jun-2013 9
262878 20-Aug-2011 25-Aug-2011 5
263042 17-Jul-2013 23-Aug-2013 37
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Some of who leaked AS3...
AS Number Start Date End Date Visbility in days
9121 2-Mar-2010 10-Apr-2010 39
21385 28-Feb-2011 2-Mar-2011 2
24523 25-Nov-2011 16-Dec-2011 21
24953 5-Jul-2013 31-Jul-2013 26
25933 26-Jun-2015 29-Jun-2015 3
27969 15-Sep-2013 6-Feb-2015 509
33849 28-Jun-2010 3-Aug-2010 36
35631 2-Apr-2015 9-Apr-2015 7
37162 16-Jul-2014 8-Nov-2014 115
37371 29-Jan-2013 11-Apr-2014 437
38077 17-May-2010 25-May-2010 8
38761 22-Sep-2010 22-Oct-2010 30
41599 7-Jan-2010 30-Mar-2010 82
51002 27-Jul-2010 29-Jul-2010 2
53053 15-Apr-2015 27-May-2015 42
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Route leak visibility (in days)
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Longest leak
1445 days (~3.9 years) for AS1 by AS23383
Sample AS_PATHs
186.65.112.0/20,30132 6939 23520 23383 1 65430
186.65.112.0/20,8283 5580 23520 23383 1
190.185.108.0/22,30132 6939 23520 23383 1 65430
190.185.108.0/22,8283 5580 23520 23383 1
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Most amusing AS_PATH ever!
31019 39326 39326 3356 7029 1614 1614 1614 1614 1 2 3 4 5
TABLE_DUMP_V2|02/02/14 00:00:01|A|195.69.146.99|50763|74.122.136.0
/24|50763 8943 3549 7029 1614 1614 1614 1614 1 2 3 4 5|IGP
November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh -
Misused Top ASNs
Thankyou!
Questions?
Peering?
Transit requirement?
anurag@he.net
http://he.net
http://as6939.peeringdb.com

More Related Content

Viewers also liked

OpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live DemonstrationOpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live Demonstration
Bangladesh Network Operators Group
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
Bangladesh Network Operators Group
 
Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS
Bangladesh Network Operators Group
 
IP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationIP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple Calculation
Bangladesh Network Operators Group
 
Apnic update
Apnic updateApnic update
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
Bangladesh Network Operators Group
 
Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How
Bangladesh Network Operators Group
 
Go with the Flow
Go with the Flow Go with the Flow
bdNOG Report
bdNOG ReportbdNOG Report
Local Solution with Global Potential
Local Solution with Global PotentialLocal Solution with Global Potential
Local Solution with Global Potential
Bangladesh Network Operators Group
 
VoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenueVoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenue
Bangladesh Network Operators Group
 
Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment
Bangladesh Network Operators Group
 
APNIC Service Improvements 2015
APNIC Service Improvements 2015APNIC Service Improvements 2015
APNIC Service Improvements 2015
Bangladesh Network Operators Group
 
RTT matters
RTT mattersRTT matters
The Future of SIP in WebRTC
The Future of SIP in WebRTCThe Future of SIP in WebRTC
The Future of SIP in WebRTC
Bangladesh Network Operators Group
 
ISP status in Bangladesh 2016
ISP status in Bangladesh 2016ISP status in Bangladesh 2016
ISP status in Bangladesh 2016
Bangladesh Network Operators Group
 
Mobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsMobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operators
Bangladesh Network Operators Group
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
Bangladesh Network Operators Group
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
Bangladesh Network Operators Group
 

Viewers also liked (20)

OpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live DemonstrationOpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live Demonstration
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS
 
IP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationIP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple Calculation
 
Apnic update
Apnic updateApnic update
Apnic update
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How
 
Go with the Flow
Go with the Flow Go with the Flow
Go with the Flow
 
bdNOG Report
bdNOG ReportbdNOG Report
bdNOG Report
 
Local Solution with Global Potential
Local Solution with Global PotentialLocal Solution with Global Potential
Local Solution with Global Potential
 
VoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenueVoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenue
 
Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment
 
APNIC Service Improvements 2015
APNIC Service Improvements 2015APNIC Service Improvements 2015
APNIC Service Improvements 2015
 
RTT matters
RTT mattersRTT matters
RTT matters
 
The Future of SIP in WebRTC
The Future of SIP in WebRTCThe Future of SIP in WebRTC
The Future of SIP in WebRTC
 
ISP status in Bangladesh 2016
ISP status in Bangladesh 2016ISP status in Bangladesh 2016
ISP status in Bangladesh 2016
 
Mobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsMobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operators
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
 

Similar to Misused top ASNs

Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
APNIC
 
Misused Top ASNs
Misused Top ASNsMisused Top ASNs
Misused Top ASNs
APNIC
 
BGP Routing Table Report
BGP Routing Table ReportBGP Routing Table Report
BGP Routing Table Report
APNIC
 
Ayyed Abdulsahib Naser-CV
Ayyed Abdulsahib Naser-CVAyyed Abdulsahib Naser-CV
Ayyed Abdulsahib Naser-CV
Ayyed Naser
 
Japanese 5 S System for Store of Power & Steel Plant
Japanese  5 S System for Store of Power & Steel Plant Japanese  5 S System for Store of Power & Steel Plant
Japanese 5 S System for Store of Power & Steel Plant
Er. EHS & Fire Syed Ali
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Bangladesh Network Operators Group
 
Routing diff
Routing diffRouting diff

Similar to Misused top ASNs (7)

Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
 
Misused Top ASNs
Misused Top ASNsMisused Top ASNs
Misused Top ASNs
 
BGP Routing Table Report
BGP Routing Table ReportBGP Routing Table Report
BGP Routing Table Report
 
Ayyed Abdulsahib Naser-CV
Ayyed Abdulsahib Naser-CVAyyed Abdulsahib Naser-CV
Ayyed Abdulsahib Naser-CV
 
Japanese 5 S System for Store of Power & Steel Plant
Japanese  5 S System for Store of Power & Steel Plant Japanese  5 S System for Store of Power & Steel Plant
Japanese 5 S System for Store of Power & Steel Plant
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
 
Routing diff
Routing diffRouting diff
Routing diff
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Bangladesh Network Operators Group
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Bangladesh Network Operators Group
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
Bangladesh Network Operators Group
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
Bangladesh Network Operators Group
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
Bangladesh Network Operators Group
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
Bangladesh Network Operators Group
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
Bangladesh Network Operators Group
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
Bangladesh Network Operators Group
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
Bangladesh Network Operators Group
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
Bangladesh Network Operators Group
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
Bangladesh Network Operators Group
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
Bangladesh Network Operators Group
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
Bangladesh Network Operators Group
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
Bangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
Bangladesh Network Operators Group
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
Bangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
Infosec train
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
Alec Kassir cozmozone
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 

Recently uploaded (14)

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
Integrating Physical and Cybersecurity to Lower Risks in Healthcare!
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 

Misused top ASNs

  • 1. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Misused Top ASNs Analysis of AS1, AS2 and AS3 misuse!
  • 2. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Officially allocated to... AS 1 - Level3 Communications AS 2 - University of Delaware AS 3 - MIT
  • 3. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs How they are “leaked” ?
  • 4. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Reasons for leak... ● “Copy-paste” of sample prepend configuration “1 2 3” ● Mistakenly typing “1 2 or 3” in prepend rules in route filter / export policy statement
  • 5. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Impact of leak Hard to determine statistically but ... ● Shows unexpected relationship of leaking AS with top ASN and among top ASNs! ● Considered to be “AS hijack” and bad for trust based BGP routing ● Can result in (wrongly prepended) announcement getting filtered across parts of internet ● Chances of broken connectivity of these routes with top ASNs network due to BGP loop prevention
  • 6. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs AS1 Graph V4
  • 7. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs AS1 Peer V4
  • 8. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Hunting for leakers... ● Analysis of routing table from multiple RIPE RIS collectors ● Analysis from 2010 to 2015 ● Looking for cases where top ASNs appear in AS_PATH for routes which belong to other ASNs. ● Focus of top ASNs appearance with prepends in the routing table ● Assumption that except AS1, other two top ASNs aren’t transit provider (since belonging to University) ● Leaks which appeared for less then 24hrs are not collected
  • 9. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Distribution of appearance
  • 10. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Distribution of leaks (IPv4 Vs IPv6)
  • 11. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Some of who leaked AS1... AS Number Start Date End Date Visibility in days 5927 22-Jul-2011 3-Dec-2011 134 7046 9-May-2010 11-Jun-2010 33 14758 25-Apr-2013 20-Jun-2013 56 21011 28-Jan-2013 5-Feb-2013 8 21219 28-Jan-2013 5-Feb-2013 8 26114 11-Jun-2013 22-Jul-2015 771 35819 23-Nov-2014 26-Nov-2014 3 40807 7-Jan-2010 24-Apr-2010 107 45899 1-Dec-2014 17-Apr-2015 137 49994 26-Nov-2013 29-Nov-2013 3 50113 31-May-2013 8-Jun-2013 8 51282 3-Nov-2010 19-Nov-2010 16 52931 3-Nov-2010 19-Nov-2010 16 55836 24-Nov-2014 26-Nov-2014 2
  • 12. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Some of who leaked AS2... AS Number Start Date End Date Visibility in days 12989 14-Oct-2014 26-Oct-2014 12 131211 19-May-2015 22-Jul-2015 64 131713 20-Apr-2015 4-Jun-2015 45 133219 6-Jul-2015 22-Jul-2015 16 17483 30-Jun-2010 7-Jul-2010 7 17658 7-Feb-2014 18-May-2015 465 197706 22-Sep-2011 25-Oct-2011 33 197790 7-Apr-2014 3-Jun-2014 57 197798 18-Jul-2013 26-Aug-2013 39 198040 2-Jan-2015 2-Feb-2015 31 23951 1-Feb-2011 23-Apr-2011 81 262587 29-May-2013 7-Jun-2013 9 262878 20-Aug-2011 25-Aug-2011 5 263042 17-Jul-2013 23-Aug-2013 37
  • 13. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Some of who leaked AS3... AS Number Start Date End Date Visbility in days 9121 2-Mar-2010 10-Apr-2010 39 21385 28-Feb-2011 2-Mar-2011 2 24523 25-Nov-2011 16-Dec-2011 21 24953 5-Jul-2013 31-Jul-2013 26 25933 26-Jun-2015 29-Jun-2015 3 27969 15-Sep-2013 6-Feb-2015 509 33849 28-Jun-2010 3-Aug-2010 36 35631 2-Apr-2015 9-Apr-2015 7 37162 16-Jul-2014 8-Nov-2014 115 37371 29-Jan-2013 11-Apr-2014 437 38077 17-May-2010 25-May-2010 8 38761 22-Sep-2010 22-Oct-2010 30 41599 7-Jan-2010 30-Mar-2010 82 51002 27-Jul-2010 29-Jul-2010 2 53053 15-Apr-2015 27-May-2015 42
  • 14. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Route leak visibility (in days)
  • 15. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Longest leak 1445 days (~3.9 years) for AS1 by AS23383 Sample AS_PATHs 186.65.112.0/20,30132 6939 23520 23383 1 65430 186.65.112.0/20,8283 5580 23520 23383 1 190.185.108.0/22,30132 6939 23520 23383 1 65430 190.185.108.0/22,8283 5580 23520 23383 1
  • 16. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Most amusing AS_PATH ever! 31019 39326 39326 3356 7029 1614 1614 1614 1614 1 2 3 4 5 TABLE_DUMP_V2|02/02/14 00:00:01|A|195.69.146.99|50763|74.122.136.0 /24|50763 8943 3549 7029 1614 1614 1614 1614 1 2 3 4 5|IGP
  • 17. November 10th, 2015 - Anurag Bhatia - Hurricane Electric - bdNOG 4 - Sreemongal, Bangladesh - Misused Top ASNs Thankyou! Questions? Peering? Transit requirement? anurag@he.net http://he.net http://as6939.peeringdb.com