netsec-sig - [Security-WG] R&E Routes Leaked to Commodity Internet
Subject: Internet2 Network Security SIG
List archive
- From: David Farmer <>
- To: NTAC <>, ,
- Subject: [Security-WG] R&E Routes Leaked to Commodity Internet
- Date: Mon, 30 Dec 2019 18:12:52 -0600
I decided to look the other way around, that is to look for Internet2 R&E (AS11537) in commodity Internet paths, and after excluding some routes originated by Internet2 for Internet2 infrastructure prefixes, I get the following;
* 128.23.0.0/17 146.57.255.243 130 0 11164 6461 81 11537 2721 13429 i
* 184.105.19.9 2095 100 0 6939 6461 81 11537 2721 13429 i
*> 206.108.255.75 0 130 0 6461 81 11537 2721 13429 i
*> 130.127.0.0/16 206.108.255.75 0 130 0 6461 81 11537 2721 2722 12148 i
* 184.164.228.0/24 208.116.156.129 110 100 0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
* 184.164.229.0/24 208.116.156.129 110 100 0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
*> 198.21.128.0/17 206.108.255.75 0 130 0 6461 81 11537 2721 2722 12148 i
*> 205.186.32.0/19 206.108.255.75 0 130 0 6461 81 11537 2721 2722 i
*> 2610:d0::/32 2001:504:27::193d:0:1
0 130 0 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
* 2607:ea00:0:26::2
751 130 0 11164 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
184.164.228.0/19 is a peering research prefix, so maybe those are intentional, not sure;
* 128.23.0.0/17 146.57.255.243 130 0 11164 6461 81 11537 2721 13429 i
* 184.105.19.9 2095 100 0 6939 6461 81 11537 2721 13429 i
*> 206.108.255.75 0 130 0 6461 81 11537 2721 13429 i
*> 130.127.0.0/16 206.108.255.75 0 130 0 6461 81 11537 2721 2722 12148 i
* 184.164.228.0/24 208.116.156.129 110 100 0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
* 184.164.229.0/24 208.116.156.129 110 100 0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
*> 198.21.128.0/17 206.108.255.75 0 130 0 6461 81 11537 2721 2722 12148 i
*> 205.186.32.0/19 206.108.255.75 0 130 0 6461 81 11537 2721 2722 i
*> 2610:d0::/32 2001:504:27::193d:0:1
0 130 0 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
* 2607:ea00:0:26::2
751 130 0 11164 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
184.164.228.0/19 is a peering research prefix, so maybe those are intentional, not sure;
At least there is an IPv6 route on this list. 😀
I think it is a Cisco IPv6 LISP experiment. However, given that the path has Uruguay, RedClara, Internet2, GEANT, TEIN2, and Japan all in the path I'm not sure its a good idea for this route to be leaked, let alone even to be in the Internt2 R&E route table in the first place. I have a number of better routes for this prefix from the commodity Internet.Thanks
--
===============================================
David Farmer
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
David Farmer
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
- [Security-WG] R&E Routes Leaked to Commodity Internet, David Farmer, 12/31/2019
- Re: [Security-WG] [NTAC] R&E Routes Leaked to Commodity Internet, Bill Owens, 12/31/2019
Archive powered by MHonArc 2.6.19.