In message <20190415010759.GA51928@cilantro.c4inet.net>, "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
Most likely this is either used in error as an advertising ASN by someone who doesn't know what they are doing (like the RFC1918 space that crops up in the DFZ now and again) or it's used internally in their networks and they have omitted to configure their routers to strip private ASNs from their advertisements (yes, I've forgotten this myself on occasion).
OK, so let's just say, for the sake of argument, that I believe that one or the other of these explanations is the "correct" one. (I don't, actually, but we can ignore that for the moment.) Even if I accept that one of these explanation is accurate and correct, I am still left with one question: Who is "they" in this context? Regards, rfg P.S. There are three reasons why I am not prepared to believe that this is all just some "fat fingered" or merely incompetent mistake. The first is the number of different national flags I am seeing on this page: https://bgp.he.net/AS65000#_prefixes That doesn't look much like an "internal network" to me! The second is the evident activity spikes that I am seeing on this page: https://stat.ripe.net/AS65000#tabId=routing The third reason is one that I am not prepared to go into right now. Let's just say that I didn't find this ASN totally by accident. But we can debate these points later on. First I'd like to know who "they" is. If somebody can figure out who "they" is in this context, then someone, perhaps even me, can shoot a polite and friendly inquiry via email to whatever "they" are actually doing this stuff, asking them what's up and how come they thought that it was a Good Idea to use a reserved ASN, and whether or not "they" plan to continue doing so. But right now I can't even do that, because I have no idea who is actually responsible for any of this. If you do, then please do enlighten me.