Last Updated: 2012-06-28 11:03:40 UTC
by Chris Mohan (Version: 1)
Reader Yin wrote in after noticing a huge spike in unsolicited Border Gateway Protocol (BGP) traffic. This same spike in BGP connections has also been noted on DShield's sensors. Thankfully, he provided a packet capture which contained numerous BGP OPEN messages.
Here is a snippet of the BGP packet with the relevant details:
These messages all originated from the same system, based in Korea.
The Korean system IP is part of:
AS Number : AS9848
AS Name : SEJONGTELECOM-AS
From my understanding of BGP, this system is attempting to pass itself off as AS 65333, a private ASN, and poison the router with false details.
Whether this is misconfiguration or a malicious act is unknown at this point. Most, if not all, routers should have basic protections in place to keep this type of event from having an effect.
Please let us know if you're seeing the same thing, can add anything further, or if my analysis needs correcting.
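For anyone checking their own captures for the same pattern, the following is an added example and not part of the original diary or the reader's capture: it decodes the fixed part of a BGP OPEN message and flags a private-use "My AS" value or an unconfigured peer. The function names, the peer list and the 192.0.2.10 / 198.51.100.1 documentation addresses are assumptions, and the sample message is constructed.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16
PRIVATE_16BIT = range(64512, 65535)   # private-use ASNs 64512-65534
AS_TRANS = 23456                      # stand-in when the real ASN is 4 bytes


def parse_bgp_open(payload):
    """Decode the fixed part of a BGP OPEN message (RFC 4271, section 4.2)."""
    if len(payload) < 29:
        raise ValueError("truncated: an OPEN is at least 29 bytes")
    marker, length, msg_type = struct.unpack("!16sHB", payload[:19])
    if marker != MARKER:
        raise ValueError("marker is not 16 x 0xff")
    if msg_type != 1:
        raise ValueError("type %d is not OPEN" % msg_type)
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", payload[19:29])
    if length != 29 + opt_len or length > len(payload):
        raise ValueError("length fields are inconsistent")
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id)), "opt_len": opt_len}


def triage(src_ip, payload, configured_peers):
    """Return a list of reasons this OPEN deserves a closer look."""
    msg = parse_bgp_open(payload)
    findings = []
    if src_ip not in configured_peers:
        findings.append("OPEN from %s, which is not a configured peer" % src_ip)
    if msg["my_as"] in PRIVATE_16BIT:
        findings.append("My AS %d is a private-use ASN" % msg["my_as"])
    elif msg["my_as"] == AS_TRANS:
        findings.append("My AS is AS_TRANS; real ASN is in the capabilities")
    return findings


def build_open(my_as, bgp_id):
    """Constructed sample only: a minimal OPEN with no optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, 180, ipaddress.IPv4Address(bgp_id).packed, 0)
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body


if __name__ == "__main__":
    # 192.0.2.10 and 198.51.100.1 are documentation addresses, not from the capture.
    sample = build_open(65333, "192.0.2.10")
    for line in triage("192.0.2.10", sample, {"198.51.100.1"}):
        print(line)
```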
UPDATE: Thank you to Reader Job for the clarification on private ASNs
Chris Mohan --- Internet Storm Center Handler on Duty