[anti-abuse-wg] Mysteries of the Internet: AS65000

On Sun, Apr 14, 2019 at 06:30:50PM -0700, Ronald F. Guilmette wrote:
>Even if I accept that one of these explanation is accurate and correct,
>I am still left with one question:  Who is "they" in this context?

If it's a leaked internal private ASN, the next ASN upstream in
the path should be the correct one. So, in essence, they are
doing it to themselves.

It could also actually be a private peering that was never
supposed to be visible in the DFZ. IIRC it is common practice to
use private ASNs for this. In which case it is the peer leaking
it.

>P.S.  There are three reasons why I am not prepared to believe that this
>is all just some "fat fingered" or merely incompetent mistake.  The first
>is the number of different national flags I am seeing on this page:
>
>https://bgp.he.net/AS65000#_prefixes
>
>That doesn't look much like an "internal network" to me!

It just means that a lot of networks leak private ASNs. Why does
that surprise you?

>But we can debate these points later on.  First I'd like to know who "they"
>is.  If somebody can figure out who "they" is in this context, then someone,
>perhaps even me, can shoot a polite and friendly inquiry via email to
>whatever "they" are actually doing this stuff, asking them what's up
>and how come they thought that it was a Good Idea to use a reserved ASN,
>and whether or not "they" plan to continue doing so.

"They" are the admins of the advertised networks (if this *is*
failure-to-remove-private-ASNs) 

>But right now I can't even do that, because I have no idea who is actually
>responsible for any of this.  If you do, then please do enlighten me.

Probably the actual owners of the advertised prefixes.

rgds,
SL