"On January 20, 2021, a great mystery appeared in the internet’s global
routing table. An entity that hadn’t been heard from in over a decade
began announcing large swaths of formerly unused IPv4 address space
belonging to the U.S. Department of Defense. Registered as GRS-DoD,
AS8003 began announcing 11.0.0.0/8 among other large DoD IPv4 ranges."
"By late January, AS8003 was announcing about 56 million IPv4
addresses, making it the sixth largest AS in the IPv4 global routing
table by originated address space. By mid-April, AS8003 dramatically
increased the amount of formerly unused DoD address space that it
announced to 175 million unique addresses."
"as of April 20, 2021, AS8003 is announcing so much IPv4 space that
5.7% of the entire IPv4 global routing table is presently originated by
AS8003"
https://www.kentik.com/blog/the-mystery-of-as8003/
here is some info on the ASN (which seems NOT to be the only one
involved)
https://ipinfo.io/AS8003
and here is further info on the peering and on the various IP blocks
https://bgp.he.net/AS8003
https://bgp.he.net/AS8003#_graph4
https://bgp.he.net/AS8003#_prefixes
considering that the whole operation uses a "front" company that
doesn't even have a real office, the whole affair reeks of a "three
letters agency"; besides, the "trick" of using BGP is not new, both
Russia and China have already played "little games" of this kind in
the past, hijacking traffic from various other nations (including the
USA and Europe) towards their own routers
https://web.archive.org/web/20170122135805/https://dyn.com/blog/vast-world-of-fraudulent-routing/
In any case, I'd say the considerations below are worth keeping in
mind
"In other words, more than one out of every 20 IPv4 addresses is
presently originated by an entity that didn’t even appear in the
routing table at the beginning of the year."
"your corporate network may be using the formerly unused DoD space
internally, and if so, there is a risk you could be leaking it out to a
party that is actively collecting it."
forewarned is forearmed... :D
Note: x-post to ICRL and ICRI-A, follow-up to ICRL
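
Added example, not part of the original post: one way to check whether an internal network is using the now-announced space, by scanning a routing table or config dump for prefixes inside it. Only 11.0.0.0/8 is named in the post, so that is the only watched range here (the other DoD blocks would have to be added from the prefix list linked above); the function name and the sample routing table are constructed for illustration.

```python
import ipaddress
import re

# The only range the post names explicitly. Other announced DoD blocks are
# not listed on the page and must be added by the reader (assumption).
WATCHED = [ipaddress.ip_network("11.0.0.0/8")]

# Dotted-quad address with optional /prefix length.
PREFIX_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")


def find_internal_use(lines, watched=WATCHED):
    """Return (line_no, prefix) for every address or prefix on a line that
    lies inside a watched range. Covering routes such as 0.0.0.0/0 are not
    reported: they contain the range but do not show internal use of it."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for match in PREFIX_RE.finditer(line):
            try:
                # strict=False accepts host addresses such as 11.200.3.1/24
                net = ipaddress.ip_network(match.group(0), strict=False)
            except ValueError:
                continue  # e.g. 999.1.1.1 or a /40 mask: not an IPv4 prefix
            if any(net.subnet_of(w) for w in watched):
                findings.append((line_no, str(net)))
    return findings


# Constructed sample in the style of a Linux routing table dump.
SAMPLE_ROUTES = """\
0.0.0.0/0 via 10.0.0.1 dev eth0
10.20.0.0/16 dev eth1 proto kernel scope link src 10.20.0.5
11.4.0.0/16 via 10.0.0.254 dev eth0
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1
11.200.3.0/24 dev vlan30 proto kernel scope link src 11.200.3.1
""".splitlines()

if __name__ == "__main__":
    for line_no, prefix in find_internal_use(SAMPLE_ROUTES):
        print(f"line {line_no}: {prefix} is inside announced DoD space")
```

Any hit means traffic for that prefix that escapes the internal network (a missing route, a misconfigured host, a VPN split-tunnel) can now be routed on the public internet towards AS8003 instead of being dropped.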