
DoD (Pentagon) and BGP announcements


ObiWan

Apr 27, 2021, 4:51:35 AM

"On January 20, 2021, a great mystery appeared in the internet’s global
routing table. An entity that hadn’t been heard from in over a decade
began announcing large swaths of formerly unused IPv4 address space
belonging to the U.S. Department of Defense. Registered as GRS-DoD,
AS8003 began announcing 11.0.0.0/8 among other large DoD IPv4 ranges."

"By late January, AS8003 was announcing about 56 million IPv4
addresses, making it the sixth largest AS in the IPv4 global routing
table by originated address space. By mid-April, AS8003 dramatically
increased the amount of formerly unused DoD address space that it
announced to 175 million unique addresses."

"as of April 20, 2021, AS8003 is announcing so much IPv4 space that
5.7% of the entire IPv4 global routing table is presently originated by
AS8003"

https://www.kentik.com/blog/the-mystery-of-as8003/

Here is some info on the ASN (which seems NOT to be the only one
involved)

https://ipinfo.io/AS8003

and here is further info on the peering and on the various IP blocks

https://bgp.he.net/AS8003

https://bgp.he.net/AS8003#_graph4

https://bgp.he.net/AS8003#_prefixes

Considering that the whole operation uses a "front" company that
doesn't even have a proper office, the whole affair smells of a
"three-letter agency"; besides, the "trick" of using BGP is not
new: both Russia and China have already played "little games" of this
kind in the past, hijacking traffic from various other nations (including
the USA and Europe) toward their own routers

https://web.archive.org/web/20170122135805/https://dyn.com/blog/vast-world-of-fraudulent-routing/

In any case, I'd say the considerations below should be kept in
mind

"In other words, more than one out of every 20 IPv4 addresses is
presently originated by an entity that didn’t even appear in the
routing table at the beginning of the year."

"your corporate network may be using the formerly unused DoD space
internally, and if so, there is a risk you could be leaking it out to a
party that is actively collecting it."

forewarned is forearmed... :D

Note: x-post to ICRL and ICRI-A, follow-up to ICRL
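
Added example, not part of the original post: one way to check for the risk in the last quote, by scanning a routing table for internal routes that fall inside announced DoD space. The function name and the sample routes are constructed for illustration; only 11.0.0.0/8 is taken from the post, and the watch list is meant to be extended with the other ranges you care about.

```python
import ipaddress

# 11.0.0.0/8 is the only range the post names; the other DoD ranges are
# not listed there, so add them here yourself (assumption: you maintain this list).
WATCH_PREFIXES = [ipaddress.ip_network("11.0.0.0/8")]

# Constructed sample in Linux `ip route` output format, not real data.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.15
11.20.0.0/16 via 10.0.0.254 dev eth0
11.99.1.7 via 10.0.0.254 dev eth0
192.168.50.0/24 dev eth1 scope link
not-a-route line
"""


def find_watched_routes(route_text, watch=WATCH_PREFIXES):
    """Return (route_prefix, watched_prefix) pairs for routes overlapping a watched range."""
    hits = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # the default route covers everything; it is not evidence of use
        try:
            # strict=False accepts bare host addresses and turns them into /32 (or /128)
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # line does not start with a prefix or an address
        if net.prefixlen == 0:
            continue  # 0.0.0.0/0 written out explicitly: same as "default"
        for w in watch:
            if net.version == w.version and net.overlaps(w):
                hits.append((str(net), str(w)))
    return hits


if __name__ == "__main__":
    for route, watched in find_watched_routes(SAMPLE_ROUTES):
        print(f"{route} overlaps {watched}: internal use of publicly announced space")
```

Any hit means traffic for that prefix that escapes the internal network (a missing route, a misconfigured VPN or NAT) now follows a real public route instead of being dropped as unroutable.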

