<div dir="ltr">Hi Ronald,<div><br></div><div>It seems like a route leak to RIS or something similar like Isolario, <a href="http://rt-bgp.he.net">rt-bgp.he.net</a>.</div><div><br></div><div>Neither of its upstreams will accept <a href="http://213.0.0.0/8" rel="noreferrer" target="_blank">213.0.0.0/8</a> so it won't affect the Internet.</div><div><br></div><div>Regards,</div><div>Siyuan Miao</div><div><br></div><div> </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Apr 7, 2019 at 2:16 PM Ronald F. Guilmette <<a href="mailto:rfg@tristatelogic.com">rfg@tristatelogic.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
I guess that I have a lot to learn yet about routing. Maybe some of you<br>
folks will yet again take pity on me and explain this to me.<br>
<br>
From where I am sitting it appears that AS12445 is announcing a route to<br>
all of <a href="http://213.0.0.0/8" rel="noreferrer" target="_blank">213.0.0.0/8</a>. (I only happened to find out about this because,<br>
as it happens, there is some spamming inside of <a href="http://213.0.0.0/8" rel="noreferrer" target="_blank">213.0.0.0/8</a>.)<br>
<br>
Anyway, this is my reference source:<br>
<br>
<a href="https://bgp.he.net/AS12445#_prefixes" rel="noreferrer" target="_blank">https://bgp.he.net/AS12445#_prefixes</a><br>
<br>
I did think that I should try to just email the official contacts AS12445<br>
privately to inquire about this, and so I sent email to all three of<br>
the contact email addresses listed in the RIPE WHOIS record for AS12445,<br>
but as you can all see below, that didn't really work out very well.<br>
<br>
Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to<br>
allow random networks to announce routes to entire /8s (or larger) that<br>
don't actually belong to them.<br>
<br>
It is hard for me to tell how long this has been ongoing in the case of<br>
this specific prefix and this specific ASN. If anyone else can illuminate<br>
me regarding that, then I would appreciate it.<br>
<br>
<br>
------- Forwarded Message<br>
<br>
Return-Path: <><br>
X-Original-To: <a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a><br>
Delivered-To: <a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a><br>
Received: by <a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a> (Postfix)<br>
id 323DF3AFF4; Sat, 6 Apr 2019 22:57:35 -0700 (PDT)<br>
Date: Sat, 6 Apr 2019 22:57:35 -0700 (PDT)<br>
From: <a href="mailto:MAILER-DAEMON@tristatelogic.com" target="_blank">MAILER-DAEMON@tristatelogic.com</a> (Mail Delivery System)<br>
Subject: Undelivered Mail Returned to Sender<br>
To: <a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a><br>
Auto-Submitted: auto-replied<br>
MIME-Version: 1.0<br>
Content-Type: multipart/report; report-type=delivery-status;<br>
boundary="8E09A3AEF2.1554616655/<a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a>"<br>
Message-Id: <<a href="mailto:20190407055735.323DF3AFF4@segfault.tristatelogic.com" target="_blank">20190407055735.323DF3AFF4@segfault.tristatelogic.com</a>><br>
<br>
This is a MIME-encapsulated message.<br>
<br>
- --8E09A3AEF2.1554616655/<a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a><br>
Content-Description: Notification<br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
This is the mail system at host <a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a>.<br>
<br>
I'm sorry to have to inform you that your message could not<br>
be delivered to one or more recipients. It's attached below.<br>
<br>
For further assistance, please send mail to postmaster.<br>
<br>
If you do so, please include this problem report. You can<br>
delete your own text from the attached returned message.<br>
<br>
The mail system<br>
<br>
<<a href="mailto:galasso@selenebs.it" target="_blank">galasso@selenebs.it</a>>: host<br>
<a href="http://selenebs-it.mail.protection.outlook.com" rel="noreferrer" target="_blank">selenebs-it.mail.protection.outlook.com</a>[104.47.10.36] said: 550 5.4.1<br>
[<a href="mailto:galasso@selenebs.it" target="_blank">galasso@selenebs.it</a>]: Recipient address rejected: Access denied<br>
[<a href="http://DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com" rel="noreferrer" target="_blank">DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com</a>] (in reply to RCPT TO<br>
command)<br>
<br>
<<a href="mailto:gvinetti@selenebs.it" target="_blank">gvinetti@selenebs.it</a>>: host<br>
<a href="http://selenebs-it.mail.protection.outlook.com" rel="noreferrer" target="_blank">selenebs-it.mail.protection.outlook.com</a>[104.47.10.36] said: 550 5.4.1<br>
[<a href="mailto:gvinetti@selenebs.it" target="_blank">gvinetti@selenebs.it</a>]: Recipient address rejected: Access denied<br>
[<a href="http://DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com" rel="noreferrer" target="_blank">DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com</a>] (in reply to RCPT TO<br>
command)<br>
<br>
- --8E09A3AEF2.1554616655/<a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a><br>
Content-Description: Delivery report<br>
Content-Type: message/delivery-status<br>
<br>
Reporting-MTA: dns; <a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a><br>
X-Postfix-Queue-ID: 8E09A3AEF2<br>
X-Postfix-Sender: rfc822; <a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a><br>
Arrival-Date: Sat, 6 Apr 2019 22:57:32 -0700 (PDT)<br>
<br>
Final-Recipient: rfc822; <a href="mailto:galasso@selenebs.it" target="_blank">galasso@selenebs.it</a><br>
Original-Recipient: <a href="mailto:rfc822%3Bgalasso@selenebs.it" target="_blank">rfc822;galasso@selenebs.it</a><br>
Action: failed<br>
Status: 5.4.1<br>
Remote-MTA: dns; <a href="http://selenebs-it.mail.protection.outlook.com" rel="noreferrer" target="_blank">selenebs-it.mail.protection.outlook.com</a><br>
Diagnostic-Code: smtp; 550 5.4.1 [<a href="mailto:galasso@selenebs.it" target="_blank">galasso@selenebs.it</a>]: Recipient address<br>
rejected: Access denied<br>
[<a href="http://DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com" rel="noreferrer" target="_blank">DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com</a>]<br>
<br>
Final-Recipient: rfc822; <a href="mailto:gvinetti@selenebs.it" target="_blank">gvinetti@selenebs.it</a><br>
Original-Recipient: <a href="mailto:rfc822%3Bgvinetti@selenebs.it" target="_blank">rfc822;gvinetti@selenebs.it</a><br>
Action: failed<br>
Status: 5.4.1<br>
Remote-MTA: dns; <a href="http://selenebs-it.mail.protection.outlook.com" rel="noreferrer" target="_blank">selenebs-it.mail.protection.outlook.com</a><br>
Diagnostic-Code: smtp; 550 5.4.1 [<a href="mailto:gvinetti@selenebs.it" target="_blank">gvinetti@selenebs.it</a>]: Recipient address<br>
rejected: Access denied<br>
[<a href="http://DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com" rel="noreferrer" target="_blank">DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com</a>]<br>
<br>
- --8E09A3AEF2.1554616655/<a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a><br>
Content-Description: Undelivered Message<br>
Content-Type: message/rfc822<br>
<br>
Return-Path: <<a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a>><br>
Received: from <a href="http://segfault-nmh-helo.tristatelogic.com" rel="noreferrer" target="_blank">segfault-nmh-helo.tristatelogic.com</a> (localhost [127.0.0.1])<br>
by <a href="http://segfault.tristatelogic.com" rel="noreferrer" target="_blank">segfault.tristatelogic.com</a> (Postfix) with ESMTP id 8E09A3AEF2;<br>
Sat, 6 Apr 2019 22:57:32 -0700 (PDT)<br>
From: "Ronald F. Guilmette" <<a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a>><br>
To: <a href="mailto:gvinetti@selenebs.it" target="_blank">gvinetti@selenebs.it</a>, <a href="mailto:galasso@selenebs.it" target="_blank">galasso@selenebs.it</a>, <a href="mailto:abuse@selenebs.it" target="_blank">abuse@selenebs.it</a><br>
Subject: <a href="http://213.0.0.0/8" rel="noreferrer" target="_blank">213.0.0.0/8</a><br>
Date: Sat, 06 Apr 2019 22:57:32 -0700<br>
Message-ID: <<a href="mailto:32415.1554616652@segfault.tristatelogic.com" target="_blank">32415.1554616652@segfault.tristatelogic.com</a>><br>
<br>
<br>
Greetings,<br>
<br>
I was wondering if you people could explain to me why your ASN (AS12445) is<br>
announcing a route to all of <a href="http://213.0.0.0/8" rel="noreferrer" target="_blank">213.0.0.0/8</a>.<br>
<br>
I don't think that your network has been assigned that entire huge block<br>
of IPv4 addresses or that all of that IPv4 space belongs to you.<br>
<br>
Do you disagree?<br>
<br>
<br>
<a href="https://bgp.he.net/AS12445#_prefixes" rel="noreferrer" target="_blank">https://bgp.he.net/AS12445#_prefixes</a><br>
<br>
<br>
<br>
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com--<br>
<br>
------- End of Forwarded Message<br>
<br>
</blockquote></div>