[anti-abuse-wg] Mysteries of the Internet: AS65000

Sorry for top posting, but I fail to see how any of this is abuse related?


On Mon, 15 Apr 2019 04:39:10 +0100
"Sascha Luck [ml]" <aawg at c4inet.net> wrote:

> On Sun, Apr 14, 2019 at 06:30:50PM -0700, Ronald F. Guilmette wrote:
> >Even if I accept that one of these explanation is accurate and
> >correct, I am still left with one question:  Who is "they" in this
> >context?  
> 
> If it's a leaked internal private ASN, the next ASN upstream in
> the path should be the correct one. So, in essence, they are
> doing it to themselves.
> 
> It could also actually be a private peering that was never
> supposed to be visible in the DFZ. IIRC it is common practice to
> use private ASNs for this. In which case it is the peer leaking
> it.
> 
> >P.S.  There are three reasons why I am not prepared to believe that
> >this is all just some "fat fingered" or merely incompetent mistake.
> >The first is the number of different national flags I am seeing on
> >this page:
> >
> >https://bgp.he.net/AS65000#_prefixes
> >
> >That doesn't look much like an "internal network" to me!  
> 
> It just means that a lot of networks leak private ASNs. Why does
> that surprise you?
> 
> >But we can debate these points later on.  First I'd like to know who
> >"they" is.  If somebody can figure out who "they" is in this
> >context, then someone, perhaps even me, can shoot a polite and
> >friendly inquiry via email to whatever "they" are actually doing
> >this stuff, asking them what's up and how come they thought that it
> >was a Good Idea to use a reserved ASN, and whether or not "they"
> >plan to continue doing so.  
> 
> "They" are the admins of the advertised networks (if this *is*
> failure-to-remove-private-ASNs) 
> 
> >But right now I can't even do that, because I have no idea who is
> >actually responsible for any of this.  If you do, then please do
> >enlighten me.  
> 
> Probably the actual owners of the advertised prefixes.
> 
> rgds,
> SL
>