Skip to content

SYSTEM Cited by 1 source

CANTV (AS8048)

CANTV — Compañía Anónima Nacional Teléfonos de Venezuela — is Venezuela's state-run telephone and Internet Service Provider, operating the country's largest IP network as AS AS8048.

Role in the 2026-01-02 BGP anomaly

CANTV (AS8048) was the leaker in a Type 1 hairpin route leak observed on Cloudflare Radar on 2026-01-02 between 15:30 and 17:45 UTC. The leak re-advertised prefixes originated by its customer AS21980 (Dayco Telecom) from its Italian Tier-1 provider AS6762 (Sparkle) to its Colombian provider AS52320 (V.tal GlobeNet).

This was not a one-off — there had been 11 similar Type 1 hairpin leaks by AS8048 since the beginning of December 2025, indicating a systematic export-policy hygiene issue rather than an attack.

AS-relationship profile

  • Customer of: AS52320 (V.tal GlobeNet), among others
  • Customer of: AS6762 (Sparkle), among others
  • Provider to: AS21980 (Dayco Telecom), among others

The customer-provider direction from AS8048 to AS21980 is a load-bearing forensic fact in Cloudflare's analysis: because AS8048 is already AS21980's upstream, any interception motive for the leak is structurally absent.

Cloudflare's read on the recurring pattern

From the post:

"AS8048 may have configured too loose of export policies facing at least one of their providers, AS52320. And because of that, redistributed routes belong to their customer even when the direct customer BGP routes were missing. If their export policy toward AS52320 only matched on IRR-generated prefix list and not a customer BGP community tag, for example, it would make sense why an indirect path toward AS6762 was leaked back upstream by AS8048."

That is the IRR-prefix- filtering export policy (weaker) versus the customer- community-tag export policy (stronger) trade-off.

Seen in

Last updated · 200 distilled / 1,178 read