April 22nd, 2020
AS263444 Hitting the headline again
Today, on April 22, 2020, in the world of BGP routing, a thing that usually occurs in rare circumstances, happened. A year and 11 days ago, on April 11 2019, we wrote our first incident report about a thing that has never been observed before - a hijack by, with the highest probability, BGP optimizing software. Later that year, in summer, Cloudflare was brutally hit by the same type of incident. And today, a year after the first incident with AS263444 belonging to Open X Tecnologia Ltda, the same autonomous system… no, you guessed wrong.
Today it leaked 9328 prefixes from 1250 autonomous systems including all your favorite names: Akamai, Cloudflare, Vodafone, NTT, Amazon, NVIDIA and many others.
leaker | min_start_time | max_end_time | duration | prefix_count | origin_count | min_avg_max_propagation | max_duration --------+------------------------+------------------------+----------+--------------+--------------+-------------------------+-------------- 263444 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 9328 | 1250 | 2, 21, 176 | 00:22:00
asn | leaker | as_name | country | prefix_count | min_start_time | max_end_time | duration | prefix_count | min_avg_max_propagation | max_duration
--------+--------+-----------------------------------------------+---------------------------+--------------+------------------------+------------------------+----------+--------------+-------------------------+--------------
855 | 263444 | CANET-ASN-4 | Canada | 820 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 820 | 5, 8, 26 | 00:18:00
1541 | 263444 | DNIC-ASBLK-01534-01546 | United States | 269 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 269 | 2, 5, 8 | 00:18:00
37963 | 263444 | CNNIC-ALIBABA-CN-NET-AP | China | 250 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 250 | 2, 10, 19 | 00:20:00
20940 | 263444 | AKAMAI-ASN1 | | 225 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 225 | 15, 39, 86 | 00:21:00
26484 | 263444 | IKGUL-26484 | United States | 224 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 224 | 24, 55, 79 | 00:18:00
36352 | 263444 | AS-COLOCROSSING | United States | 221 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 221 | 7, 23, 55 | 00:20:00
3549 | 263444 | LVLT-3549 | United States | 220 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 220 | 2, 13, 87 | 00:19:00
45528 | 263444 | TIKONAIN-AS | India | 197 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 197 | 9, 11, 14 | 00:21:00
23089 | 263444 | HOTWIRE-COMMUNICATIONS | United States | 164 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 164 | 2, 20, 37 | 00:19:00
16625 | 263444 | AKAMAI-AS | United States | 151 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 151 | 14, 38, 176 | 00:21:00
35986 | 263444 | VYVE-BROADBAND | United States | 150 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 150 | 2, 7, 17 | 00:20:00
45769 | 263444 | DVOIS-IN | India | 131 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 131 | 25, 27, 46 | 00:21:00
44244 | 263444 | IranCell-AS | Iran, Islamic Republic of | 130 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 130 | 27, 29, 33 | 00:21:00
13335 | 263444 | CLOUDFLARENET | United States | 120 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 120 | 2, 39, 83 | 00:20:00
134548 | 263444 | DXTL-HK | Hong Kong | 116 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 116 | 12, 35, 51 | 00:18:00
38266 | 263444 | VODAFONE-IN | India | 110 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 110 | 17, 21, 35 | 00:22:00
9009 | 263444 | M247 | United Kingdom | 101 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 101 | 23, 47, 97 | 00:21:00
9605 | 263444 | DOCOMO | Japan | 100 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 100 | 10, 20, 35 | 00:21:00
721 | 263444 | DNIC-ASBLK-00721-00726 | United States | 94 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 94 | 2, 6, 9 | 00:18:00
43260 | 263444 | AS43260 | Turkey | 92 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 92 | 14, 62, 84 | 00:18:00
42337 | 263444 | RESPINA-AS | Iran, Islamic Republic of | 87 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 87 | 29, 31, 56 | 00:20:00
58224 | 263444 | TCI | Iran, Islamic Republic of | 84 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 84 | 22, 52, 62 | 00:21:00
50010 | 263444 | Nawras-AS | Oman | 83 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 83 | 20, 40, 53 | 00:21:00
3223 | 263444 | VOXILITY | United Kingdom | 76 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 76 | 13, 37, 53 | 00:19:00
51570 | 263444 | SPB-AS | Russian Federation | 76 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 76 | 5, 11, 22 | 00:20:00
11272 | 263444 | TELEPAK-NETWORKS-INC | United States | 75 | 2020-04-22 01:28:00+00 | 2020-04-22 01:46:00+00 | 00:18:00 | 75 | 2, 3, 11 | 00:18:00
41733 | 263444 | ZTELECOM-AS | Russian Federation | 73 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 73 | 16, 24, 41 | 00:21:00
20473 | 263444 | AS-CHOOPA | United States | 66 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 66 | 2, 33, 58 | 00:20:00
9845 | 263444 | CJCKN-AS-KR | Korea, Republic of | 63 | 2020-04-22 01:25:00+00 | 2020-04-22 01:44:00+00 | 00:19:00 | 63 | 5, 8, 12 | 00:19:00
25019 | 263444 | SAUDINETSTC-AS | Saudi Arabia | 62 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 62 | 38, 50, 65 | 00:20:00
30722 | 263444 | VODAFONE-IT-ASN | Italy | 56 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 56 | 13, 15, 17 | 00:21:00
64050 | 263444 | BCPL-SG | Singapore | 53 | 2020-04-22 01:25:00+00 | 2020-04-22 01:39:00+00 | 00:14:00 | 53 | 6, 18, 56 | 00:14:00
45083 | 263444 | CHEERYZONE | China | 52 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 52 | 8, 9, 11 | 00:21:00
20978 | 263444 | TT_Mobil | Turkey | 51 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 51 | 53, 54, 55 | 00:21:00
17941 | 263444 | BIT-ISLE | Japan | 50 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 50 | 4, 8, 22 | 00:18:00
139007 | 263444 | UNICOM-NM-WULANCHABU-IDC | China | 46 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 46 | 15, 18, 28 | 00:22:00
1452 | 263444 | DNIC-ASBLK-01451-01456 | United States | 45 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 45 | 2, 7, 8 | 00:18:00
42708 | 263444 | PORTLANE | Sweden | 45 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 45 | 2, 5, 14 | 00:19:00
198471 | 263444 | LINKEM-AS | Italy | 44 | 2020-04-22 01:26:00+00 | 2020-04-22 01:42:00+00 | 00:16:00 | 44 | 8, 11, 12 | 00:16:00
45102 | 263444 | CNNIC-ALIBABA-US-NET-AP | China | 42 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 42 | 2, 27, 56 | 00:19:00
57858 | 263444 | AS57858 | Estonia | 42 | 2020-04-22 01:26:00+00 | 2020-04-22 01:41:00+00 | 00:15:00 | 42 | 11, 12, 24 | 00:15:00
134743 | 263444 | WSPL-AS-AP | Australia | 41 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 41 | 7, 15, 19 | 00:19:00
9583 | 263444 | SIFY-AS-IN | India | 41 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 41 | 13, 23, 43 | 00:22:00
16509 | 263444 | AMAZON-02 | United States | 38 | 2020-04-22 01:26:00+00 | 2020-04-22 01:44:00+00 | 00:18:00 | 38 | 26, 55, 71 | 00:18:00
34164 | 263444 | AKAMAI-LON | United Kingdom | 36 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 36 | 20, 40, 76 | 00:21:00
13904 | 263444 | COSLINK | United States | 35 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 35 | 2, 7, 15 | 00:18:00
2519 | 263444 | VECTANT | Japan | 35 | 2020-04-22 01:25:00+00 | 2020-04-22 01:40:00+00 | 00:15:00 | 35 | 9, 10, 10 | 00:15:00
2914 | 263444 | NTT-COMMUNICATIONS-2914 | United States | 35 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 35 | 7, 26, 29 | 00:20:00
42682 | 263444 | ERTH-NNOV-AS | Russian Federation | 35 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 35 | 5, 6, 7 | 00:19:00
62738 | 263444 | ZOCHNET1 | United States | 34 | 2020-04-22 01:27:00+00 | 2020-04-22 01:45:00+00 | 00:18:00 | 34 | 2, 10, 19 | 00:18:00
21859 | 263444 | ZNET | United States | 33 | 2020-04-22 01:27:00+00 | 2020-04-22 01:47:00+00 | 00:20:00 | 33 | 14, 28, 37 | 00:20:00
3329 | 263444 | HOL-GR | Greece | 33 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 33 | 13, 13, 13 | 00:21:00
For 22 minutes this Brazilian ISP was leaking its upstream providers AS52320, AS22356 and AS6762 toward AS57463 NetIX. Open X is a member of NetIX - which is probably the main reason why NetIX help spread this leak through its channels to many other Internet Exchanges - you can take a look at the network map of NetIX to get a better understanding of where and with whom it exchanges, without the help from Tier-1 ISPs. Usually, they are vital for the leak to spread really far from the leaker, but not at this time.
Autonomous systems that accepted this route leak are distributed all over the world - without proper inbound filters because you do not expect that a route leak on an IX could lead to bad routes on a separate IX. Classic. And here we can see the “results” of such high maintenance.
accepted_asn | prefixes | country
--------------+----------+----------------------
57463 | 9329 | Bulgaria
21321 | 9173 | United Kingdom
199524 | 8595 | Austria
12605 | 8398 | Austria
49720 | 8247 | Ukraine
24723 | 8247 | Poland
201054 | 7782 | Poland
39489 | 7748 | Poland
1820 | 5936 | United States
15772 | 5800 | Ukraine
43981 | 5681 | Ukraine
31167 | 5407 | France
34572 | 5407 | France
15557 | 5159 | France
25358 | 5121 | France
60032 | 5011 | France
16347 | 4988 | France
61319 | 4902 | France
34177 | 4576 | France
196845 | 4182 | Czechia
42908 | 4182 | Czechia
8839 | 3997 | France
201701 | 3735 | Germany
37100 | 3598 | Mauritius
50629 | 3595 | Germany
37353 | 3573 | South Africa
24482 | 3442 | Singapore
58511 | 3205 | Australia
58057 | 3060 |
37497 | 2985 | South Africa
37468 | 2942 | Angola
328269 | 2919 | Zimbabwe
41495 | 2655 | United Kingdom
23738 | 2644 | United States
41405 | 2596 | France
8304 | 2581 | France
28186 | 2528 | Brazil
7850 | 2523 | United States
38719 | 2512 | Australia
201029 | 2452 | Poland
57811 | 2452 | Poland
25369 | 2449 | United Kingdom
3255 | 2380 | Ukraine
50321 | 2330 | Czechia
49223 | 2330 | Ukraine
31122 | 2238 | Ireland
31500 | 2199 | Russian Federation
48136 | 2000 | Poland
24748 | 1915 | Poland
35320 | 1891 | Ukraine
5588 | 1776 | Czechia
49102 | 1767 | Poland
34779 | 1616 | Slovenia
21021 | 1562 | Poland
61102 | 1562 | Israel
8551 | 1562 | Israel
13538 | 1387 | United States
58453 | 1387 | Hong Kong
28634 | 1320 | Brazil
27630 | 1227 | United States
34872 | 1119 | United Kingdom
6134 | 1119 | United States
49697 | 1101 | Germany
43531 | 1064 | United Kingdom
24875 | 1064 | Netherlands
206479 | 1050 | Germany
204708 | 1032 | France
34549 | 1016 | Germany
200753 | 1009 | Switzerland
62023 | 991 | Germany
It is peculiar that a Brazilian ISP, that is a member of IX.br, where it is, in fact, connecting to NetIX from Bulgaria, was able to make such a leak - almost non-existent at the region where it came from and severely affecting every other region - as you can see, almost all of leaked prefixes reach other countries from Brazil.
country | prefix_count | origin_count | min_start_time | max_end_time | duration | min_avg_max_propagation | max_duration
---------------------------+--------------+--------------+------------------------+------------------------+----------+-------------------------+--------------
United States | 3623 | 712 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 18, 176 | 00:21:00
United Kingdom | 392 | 61 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 33, 97 | 00:21:00
Russian Federation | 482 | 43 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 5, 17, 95 | 00:21:00
Iran, Islamic Republic of | 426 | 40 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 22, 38, 62 | 00:21:00
Korea, Republic of | 206 | 33 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 4, 11, 71 | 00:21:00
Germany | 124 | 31 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 2, 31, 84 | 00:21:00
Spain | 123 | 28 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 15, 43 | 00:21:00
Turkey | 274 | 22 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 8, 61, 86 | 00:21:00
Netherlands | 72 | 20 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 15, 51 | 00:21:00
| 289 | 20 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 35, 86 | 00:21:00
China | 473 | 20 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 2, 13, 59 | 00:22:00
Sweden | 76 | 14 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 2, 9, 51 | 00:19:00
Italy | 134 | 12 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 3, 17, 82 | 00:21:00
France | 36 | 12 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 5, 9, 49 | 00:20:00
Canada | 832 | 11 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 2, 8, 50 | 00:18:00
Hungary | 20 | 10 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 5, 17, 50 | 00:19:00
Bulgaria | 40 | 10 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 10, 24, 43 | 00:21:00
India | 521 | 10 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 9, 19, 46 | 00:22:00
Japan | 208 | 9 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 4, 15, 49 | 00:21:00
Hong Kong | 166 | 9 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 6, 30, 70 | 00:22:00
Denmark | 18 | 8 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 6, 13, 42 | 00:20:00
Estonia | 52 | 7 | 2020-04-22 01:26:00+00 | 2020-04-22 01:41:00+00 | 00:15:00 | 8, 12, 36 | 00:15:00
Georgia | 27 | 7 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 13, 52, 68 | 00:18:00
Iraq | 22 | 7 | 2020-04-22 01:26:00+00 | 2020-04-22 01:44:00+00 | 00:18:00 | 23, 35, 63 | 00:18:00
Ireland | 10 | 7 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 9, 19, 38 | 00:20:00
Romania | 14 | 7 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 2, 23, 68 | 00:20:00
Australia | 81 | 5 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 7, 15, 32 | 00:21:00
Finland | 8 | 4 | 2020-04-22 01:26:00+00 | 2020-04-22 01:44:00+00 | 00:18:00 | 9, 10, 13 | 00:17:00
Israel | 20 | 4 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 3, 13, 36 | 00:19:00
Palestine, State of | 23 | 4 | 2020-04-22 01:26:00+00 | 2020-04-22 01:44:00+00 | 00:18:00 | 5, 13, 37 | 00:17:00
Poland | 8 | 4 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 5, 10, 30 | 00:19:00
Saudi Arabia | 82 | 4 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 13, 44, 65 | 00:20:00
Taiwan, Province of China | 51 | 4 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 8, 32, 92 | 00:22:00
Greece | 48 | 3 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 6, 23, 48 | 00:21:00
Brazil | 6 | 3 | 2020-04-22 01:25:00+00 | 2020-04-22 01:45:00+00 | 00:20:00 | 45, 54, 62 | 00:19:00
Switzerland | 3 | 3 | 2020-04-22 01:26:00+00 | 2020-04-22 01:44:00+00 | 00:18:00 | 6, 15, 25 | 00:18:00
Lithuania | 3 | 3 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 10, 39, 55 | 00:19:00
Moldova, Republic of | 3 | 3 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 17, 32, 53 | 00:18:00
Norway | 5 | 3 | 2020-04-22 01:26:00+00 | 2020-04-22 01:43:00+00 | 00:17:00 | 8, 9, 11 | 00:17:00
Armenia | 2 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:38:00+00 | 00:12:00 | 28, 48, 68 | 00:12:00
Croatia | 2 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 16, 32, 47 | 00:21:00
United Arab Emirates | 4 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 16, 33, 50 | 00:18:00
Portugal | 5 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 9, 10, 11 | 00:20:00
Czechia | 23 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 5, 11, 16 | 00:20:00
Belgium | 11 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:45:00+00 | 00:19:00 | 8, 9, 13 | 00:19:00
Latvia | 2 | 2 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 5, 11, 17 | 00:21:00
Singapore | 55 | 2 | 2020-04-22 01:25:00+00 | 2020-04-22 01:47:00+00 | 00:22:00 | 6, 19, 56 | 00:21:00
Viet Nam | 31 | 1 | 2020-04-22 01:25:00+00 | 2020-04-22 01:46:00+00 | 00:21:00 | 4, 9, 12 | 00:21:00
Argentina | 2 | 1 | 2020-04-22 01:25:00+00 | 2020-04-22 01:40:00+00 | 00:15:00 | 11, 11, 11 | 00:15:00
Jordan | 18 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 29, 55, 76 | 00:19:00
Cambodia | 8 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:38:00+00 | 00:12:00 | 19, 22, 26 | 00:12:00
Kazakhstan | 18 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 55, 60, 64 | 00:20:00
Kuwait | 1 | 1 | 2020-04-22 01:27:00+00 | 2020-04-22 01:38:00+00 | 00:11:00 | 6, 6, 6 | 00:11:00
Oman | 83 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 20, 40, 53 | 00:21:00
Albania | 7 | 1 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 47, 47, 48 | 00:19:00
Philippines | 2 | 1 | 2020-04-22 01:25:00+00 | 2020-04-22 01:45:00+00 | 00:20:00 | 11, 11, 11 | 00:20:00
Guam | 1 | 1 | 2020-04-22 01:27:00+00 | 2020-04-22 01:43:00+00 | 00:16:00 | 8, 8, 8 | 00:16:00
Yemen | 15 | 1 | 2020-04-22 01:27:00+00 | 2020-04-22 01:46:00+00 | 00:19:00 | 2, 28, 45 | 00:19:00
Azerbaijan | 1 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 22, 22, 22 | 00:21:00
Austria | 12 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:46:00+00 | 00:20:00 | 40, 49, 88 | 00:19:00
Syrian Arab Republic | 15 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:47:00+00 | 00:21:00 | 3, 13, 16 | 00:21:00
Iceland | 2 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:36:00+00 | 00:10:00 | 37, 37, 37 | 00:10:00
Ukraine | 2 | 1 | 2020-04-22 01:26:00+00 | 2020-04-22 01:38:00+00 | 00:12:00 | 56, 66, 75 | 00:12:00
Uruguay | 5 | 1 | 2020-04-22 01:25:00+00 | 2020-04-22 01:42:00+00 | 00:17:00 | 11, 11, 11 | 00:17:00
(64 rows)
The reasons for this route leak are probably much less conspiracy as it was last time, when we thought of a Pilosov-Kapela attack, without knowing much at the time about BGP optimization software. This time, keeping the previously gained knowledge, we could say that the reason for this incident is quite trivial, as it always is - a mistake in the configuration.
Though a much more interesting question is how NetIX that accepted such an announcement from the leaker, while being kind of a cloud Internet-Exchange does not have appropriately tuned and maintained filters, as it accepted too many routes with Tier-1 operators in them. Such a combination, as we pointed out too many times, is a recipe for disaster.
This time it resolved quickly without rendering too much damage, but an almost ignorant absence of filters on such a massive infrastructure is a gun hanging on the wall and as we know from Chekhov, it would shoot.