> The message above has a timestamp of 16:57 UTC (11:57am ET) on January 20, 2021, moments after the swearing in of Joe Biden as the President of the United States and minutes before the statutory end of the administration of Donald Trump at noon Eastern time.
The questions that started to surface included: Who is AS8003? Why are they announcing huge amounts of IPv4 space belonging to the U.S. Department of Defense? And perhaps most interestingly, why did it come alive within the final three minutes of the Trump administration?
From the linked article on top, as background info. Quite interesting.
Was going to ask if this was related to that story. I had thought it was announcing space to gather some kind of intelligence about traffic to those networks, or do an attack on the tor network by providing it all as exit nodes.
I also speculated that it's possible it has to do with some kind of internal policy where if you don't use address space in a certain period of time, you lose it or it must be sold, and announcing it created a record of it being in use. Depending on for how long it was announced, the captured one-way traffic to it would provide a snapshot sample of source-dest relationships in that address space for a map.
It could also have just been used as an internal DoD ASN and it got leaked and announced by mistake, with all those routes redistributed into the announcement, though we'd have to look at the data to really recognize that error. A political hypothesis was fun, but unless it yielded evidence of some underlying activity, there seem like other explanations that could indicate the cause.
The questions that started to surface included: Who is AS8003? Why are they announcing huge amounts of IPv4 space belonging to the U.S. Department of Defense? And perhaps most interestingly, why did it come alive within the final three minutes of the Trump administration?
From the linked article on top, as background info. Quite interesting.
https://www.kentik.com/blog/the-mystery-of-as8003/