Micro BGP Suite: The Swiss Army Knife of Routing Analysis (ripe.net)
92 points by oedmarap on Nov 28, 2021 | 4 comments



Is there a project tracking bogons and analyzing them? I've been out of this game for a long time, but behind every false announcement, there is a threat analysis to be done. The one case I am thinking of was the sudden announcement of routes by DoD during the changeover from the previous U.S. administration, which there was some speculation it had been used for internal numbering on Chinese networks, and this was a way to passively map the address space by hoovering up traffic to it.

Other use cases I could think of would be announcing routes to get traffic to botnet c&c services to gauge infections and compromises, or if you found a vulnerability in a piece of commercial software that phoned home, you could get an instant list of targets by announcing the vendor's routes and getting the heartbeat/update traffic. A bogon announcement of routes from a major software vendor would indicate someone else knows what I know. Bogon announcements would still be the most interesting threat intel feed I can think of these days, as in spite of how trivial the attacks are, the actors are necessarily pretty sophisticated.

Cool project. I'm out of the loop, but if there were a site or twitter account monitoring this, that'd be pretty interesting.


Bogons are popular with email spammers because the IPs don’t appear on various anti-spam lists.

My company monitors for bogon space activity on our platform and it isn’t particularly interesting.


In case you are wondering, the Swiss Army knife featured on the header is a Victorinox Climber: https://www.sakwiki.com/tiki-index.php?page=Climber


Available at all good airports (after security)



