Hello, My name is Lefteris Manassakis, Internet researcher and COO of Code BGP.
Since January 20, 2023, we have been monitoring the root DNS prefixes using our product, the Code BGP Platform, and we have identified multiple BGP anomalies related to these prefixes, some of which I will present in this email. 1. January 27, 2023: AS 24028 appeared as origin of prefix 2001:500:2f::/48 of F-Root. The event as seen by BGPlay: https://stat.ripe.net/widget/bgplay#w.resource=2001:500:2f::/48 <https://stat.ripe.net/widget/bgplay#w.resource=2001:500:2f::/48&w.ignoreRea nnouncements=false&w.starttime=1674752397&w.endtime=1674925197&w.rrcs=0,1,5, 6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp> &w.ignoreReannouncements=false&w.starttime=1674752397&w.endtime=1674925197&w .rrcs=0,1,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp 2. February 25, 2023: AS 17639 appeared as origin of prefix 2001:500:a8::/48 of E-Root. At the exact same time, appeared as origin of 2001:500:2f::/48 of F-Root: a. BGPlay for E-Root: https://stat.ripe.net/widget/bgplay#w.resource=2001:500:a8::/48%20 <https://stat.ripe.net/widget/bgplay#w.resource=2001:500:a8::/48%20&w.ignore Reannouncements=false&w.starttime=1677322776&w.endtime=1677409176&w.rrcs=0,1 ,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp> &w.ignoreReannouncements=false&w.starttime=1677322776&w.endtime=1677409176&w .rrcs=0,1,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp b. BGPlay for F-Root: https://stat.ripe.net/widget/bgplay#w.resource=2001:500:2f::/48 <https://stat.ripe.net/widget/bgplay#w.resource=2001:500:2f::/48&w.ignoreRea nnouncements=false&w.starttime=1677347997&w.endtime=1677434397&w.rrcs=0,1,5, 6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp> &w.ignoreReannouncements=false&w.starttime=1677347997&w.endtime=1677434397&w .rrcs=0,1,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp The offending network (AS 17639 Converge ICT Solutions) is mentioned in a report by Aftab Siddiqui for events that took place in 2020: https://www.manrs.org/2021/02/bgp-rpki-and-manrs-2020-in-review/ 3. April 28, 2023. AS 137661 appeared as origin of prefix 199.7.83.0/24 of L-Root. This event has very low visibility due to the very long AS path. However, it had been active for 2 months: https://stat.ripe.net/widget/bgplay#w.resource=199.7.83.0/24 <https://stat.ripe.net/widget/bgplay#w.resource=199.7.83.0/24&w.ignoreReanno uncements=false&w.starttime=1682589576&w.endtime=1688205576&w.rrcs=0,1,5,6,7 ,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp> &w.ignoreReannouncements=false&w.starttime=1682589576&w.endtime=1688205576&w .rrcs=0,1,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp 4. June 12, 2023. AS 201333 appeared as origin of prefix 193.0.14.0/24 of K-Root: https://stat.ripe.net/widget/bgplay#w.resource=193.0.14.0/24 <https://stat.ripe.net/widget/bgplay#w.resource=193.0.14.0/24&w.ignoreReanno uncements=false&w.starttime=1686528000&w.endtime=1686614399&w.rrcs=0,1,5,6,7 ,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp> &w.ignoreReannouncements=false&w.starttime=1686528000&w.endtime=1686614399&w .rrcs=0,1,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp If you have any questions of comments, feel free to message me. Best regards, Lefteris Lefteris Manassakis COO & Co-founder <http://www.codebgp.com> www.codebgp.com | +30 281 039 1248 Monitor . Detect . Protect
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
