In the end the cure is worse than the disease (by abusing the
anti-abuse
system. DMCA abuse anyone? Or the stupid bogons list so many people
forget to update every friggin time IANA allocated a new /8 to one of
the RIRs?)
It's interesting to see how bandaid solutions increase the
If someone will lend me appropriate /24's, I'll copy
69box.atlantic.net into 70box, 71box, etc. and come up with a
large (fairly comprehensive) list of IPs behind broken bogon
filters.
On Sat, 27 Nov 2004 18:03:28 +0100, Iljitsch van Beijnum said:
To some extent this is correct, but these users really need to learn to
effectively protect themselves. In the long term at least.
Never teach a pig to sing: it wastes your time and annoys the pig.
I've always wondered whether
'; [EMAIL PROTECTED]
Subject: Re: Best way to get of Bogon list?
On Mon, Nov 29, 2004 at 07:04:28AM -0800, Barry Raveendran Greene wrote:
Jared Mauch:
jlewis:
If someone will lend me appropriate /24's, I'll copy
69box.atlantic.net into 70box, 71box, etc. and come up with a
large
On Fri, 26 Nov 2004, Iljitsch van Beijnum wrote:
On 26-nov-04, at 8:29, Christopher L. Morrow wrote:
Can someone identify the *benefits* of using bogon lists for
unallocated
space? It appears that it only hurts connectivity, but does not help
in
any significant way to enhance
On Thu, Nov 25, 2004 at 10:29:51PM -0500, Jon Lewis wrote:
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
I hate to say it, but that is the only way.
You aren't dealing with a single bogon blocking list, you're dealing with a
whole lot of providers who are way behind the times and
On 27-nov-04, at 9:02, Christopher L. Morrow wrote:
I've never been a fan of bogon packet filtering (bogon route filtering
is more useful), but it occurs to me that it's probably better for us
network operators to do this rather than have each and every firewall
admin do it for themselves.
be it
Jon Lewis [EMAIL PROTECTED] wrote:
It makes people feel like they're more secure.
aka airport security. Inconvenience the users, and achieve nothing
useful.
It may cut down slightly on junk traffic entering their networks,
but I suspect that's an insignificantly small amount / benefit.
On Fri, Nov 26, 2004 at 01:02:27AM -0500, [EMAIL PROTECTED] wrote:
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
Possibly, whoever are the vendors of software that recommends this
practice (and authors of security handbooks) should be shown the error
of their ways?
Never heard of a
10:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Best way to get of Bogon list?
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
I hate to say it, but that is the only way.
You aren't dealing with a single bogon blocking list, you're dealing
with a
whole lot of providers who are way
On 26-nov-04, at 8:29, Christopher L. Morrow wrote:
Can someone identify the *benefits* of using bogon lists for
unallocated
space? It appears that it only hurts connectivity, but does not help
in
any significant way to enhance security.
It might be a way to proactively keep your part of the
Good Day,
I have a question for the list: what would be the best/fastest way to get off
a bogon list? ARIN allocated us a /19 2 months ago (72.1.192.0/19). We find
that a lot of providers aren't accepting the BGP advertisements for that
block because the block 72.0.0.0/8 was on a bogon list.
Thanks
Title: Re: Best way to get of Bogon list?
Exactly what I have been doing for last week 2 weeks now.
Thanks,
Majid
--
Sent from my BlackBerry Wireless Handheld
-Original Message-
From: Suresh Ramasubramanian [EMAIL PROTECTED]
To: Majid Farid [EMAIL
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
I hate to say it, but that is the only way.
You aren't dealing with a single bogon blocking list, you're dealing with a
whole lot of providers who are way behind the times and you just have to go on
contacting them one at a time.
It's not
On Thu, 25 Nov 2004, Jon Lewis wrote:
It's not even just providers. If it were, it'd be relatively easy to
just find and call each NOC. You're likely to have bogon issues with
few large providers. It's mostly smaller providers and end user
networks...some of which are quite large or high
[EMAIL PROTECTED] wrote:
Can someone identify the *benefits* of using bogon lists for
unallocated space? It appears that it only hurts connectivity, but
does not help in any significant way to enhance security.
Possibly, whoever are the vendors of software that recommends this
practice (and
:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Best way to get of Bogon list?
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
I hate to say it, but that is the only way.
You aren't dealing with a single bogon blocking list, you're dealing
with a
whole lot of providers who are way behind
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
Possibly, whoever are the vendors of software that recommends this
practice (and authors of security handbooks) should be shown the error
of their ways?
Is this where we restart the BCP38 thread and then argue that if
everybody
On Fri, 26 Nov 2004 [EMAIL PROTECTED] wrote:
On Thu, 25 Nov 2004, Jon Lewis wrote:
It's not even just providers. If it were, it'd be relatively easy to
just find and call each NOC. You're likely to have bogon issues with
few large providers. It's mostly smaller providers and end user
## On 2002-07-31 10:09 +0200 Jesper Skriver typed:
JS On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
JS
JS AFAIK 12.0S only has the service provider feature set
JS
JS i fear that the joke is on us. at least one other train seems to
JS have been merged into the ex-isp train.
## On 2002-07-30 08:23 -0700 Randy Bush typed:
RB
RB Not a complete solution but a start:
RB IP Source Tracker:
RB http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/ipst.htm
RB Available as of 12.0(22)S for 7500 and 12000 series Cisco
AFAIK 12.0S only has the service provider feature set
i fear that the joke is on us. at least one other train seems to
have been merged into the ex-isp train. not sure how much. can't
get a straight answer. welcome back to 1997, and bye bye what
stability we had.
randy
On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
AFAIK 12.0S only has the service provider feature set
i fear that the joke is on us. at least one other train seems to
have been merged into the ex-isp train. not sure how much. can't
get a straight answer. welcome back to
As far as tracking DoS, I've read some good papers on the subject and it
always boils down to tracking MAC addresses and going interface by
interface to the source, demanding inter-ISP cooperation, and finally
legal assistance. This has been tried during a few severe instances with
poor results.
Hank Nussbacher wrote:
So, to restate the problem, how do we identify some of the sources of a
DoS attack quickly, maybe even while the attack is still in progress?
Not a complete solution but a start:
IP Source Tracker:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/ipst.htm
Available as of 12.0(22)S for 7500 and 12000 series Cisco routers.
ah yes. the new enterprise image. :-(
On Tue, 30 Jul 2002 [EMAIL PROTECTED] wrote:
The owners of the attacking devices are accessories to the crime
although I'm sure they could plead ignorance and avoid any liability. But
what if they could not plead ignorance? What if we could identify some of
the attacking devices, and what
Having recently read David Moore's paper on backscatter analysis,
http://www.caida.org/outreach/papers/2001/BackScatter/
this data is interesting because most of these filters seem to be blocking
an amount of traffic proportional to their size.
Extended IP access list 120 (Compiled)
[EMAIL PROTECTED] wrote:
[...]
other people could look in their netflow data
for traffic from bogon addresses to your destination.
Do other people need such a list to discover invalid source addresses
emerging from their networks?
[...] the owners of compromised
machines used to
--On Sunday, July 28, 2002 09:35:40 -0500 John Palmer (NANOG Acct)
[EMAIL PROTECTED] wrote:
Yes - DSHIELD has our ORSC root server listed as well. I thought that
was hilarious.
Some might beg to differ.
--
Måns Nilsson, Systems Specialist
+46 70 681 7204, KTHNOC
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 29, 2002 5:37 AM
To: [EMAIL PROTECTED]
Subject: RE: Bogon list or Dshield.org type list
Having recently read David Moore's paper on backscatter analysis,
http://www.caida.org
On Mon, 29 Jul 2002, jnull wrote:
ISPs won't shut someone down because they've been hacked, merely send
them a warning Email or call--a process that takes days in my
experience.
Worse -- there is an increasing number of ASNs spewing traffic onto the
internet with NOBODY AT THE WHEEL. We
(albeit
small on their list)
--Phil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Bogon list or Dshield.org type list
I'm wondering how many of you use Bogon
Yes - DSHIELD has our ORSC root server listed as well. I thought that was hilarious.
- Original Message -
From: Charles Sprickman [EMAIL PROTECTED]
To: Johannes Ullrich [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, July 28, 2002 2:36 AM
Subject: Re: Bogon list or Dshield.org
I'm wondering how many of you use Bogon Lists and http://www.dshield.org/top10.html type
lists on your routers? I'm curious to know if you are an ISP with
customers or backbone provider or someone else? I have a feeling not many
people use these on routers? I'm wondering why or why
not?
I've
]] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Bogon list or Dshield.org type
list
I'm wondering how many of you use Bogon Lists and
http://www.dshield.org/top10.html type
lists on your routers? I'm curious to know if you are an ISP
. Wilcox wrote: ]
Subject: Re: Bogon list
RFC1918 does not break path-mtu, filtering it does tho..
So, in other words inappropriate use of RFC 1918 does not break Path MTU
Discovery! You can't still have your cake and have eaten it too. One
way or another RFC 1918 addresses must not be let
Jason Lewis [EMAIL PROTECTED] writes:
Which, by the way, rocks the hizzy.
If anyone needs some qmail-scanner and/or spam-assassin help in qmail,
let me know. I just spent the last couple days pfutzing with it
extensively.
I just bumped my hit count to 6. I found a small number of
On Thu, 6 Jun 2002, Stephen Griffin wrote:
In the referenced message, Sean M. Doran said:
Basically, arguing that the routing system should carry around
even more information is backwards. It should carry less.
If IXes need numbers at all (why???) then use RFC 1918 addresses
and
At 05:26 AM 6/7/02, Stephen J. Wilcox wrote:
On Thu, 6 Jun 2002, Stephen Griffin wrote:
In the referenced message, Sean M. Doran said:
Basically, arguing that the routing system should carry around
even more information is backwards. It should carry less.
If IXes need numbers at
[ On Friday, June 7, 2002 at 10:26:53 (+0100), Stephen J. Wilcox wrote: ]
Subject: Re: Bogon list
RFC1918 does not break path-mtu, filtering it does tho..
So, in other words inappropriate use of RFC 1918 does not break Path MTU
Discovery! You can't still have your cake and have eaten
Well, the biggest offender in this respect by far was @home, and you know what
happened to THEM...
-C
On Fri, Jun 07, 2002 at 12:55:08PM -0400, Greg A. Woods wrote:
[ On Friday, June 7, 2002 at 10:26:53 (+0100), Stephen J. Wilcox wrote: ]
Subject: Re: Bogon list
RFC1918 does not break
In the referenced message, Stephen J. Wilcox said:
On Thu, 6 Jun 2002, Stephen Griffin wrote:
In the referenced message, Sean M. Doran said:
Basically, arguing that the routing system should carry around
even more information is backwards. It should carry less.
If IXes need
[ On Friday, June 7, 2002 at 15:28:56 (-0400), Stephen Griffin wrote: ]
Subject: Re: Bogon list
I agree, however, most folks want to see the topology, some just choose
to violate RFC1918 in order to do it.
Sometimes even I stoop so low! :-)
# bloody rogers routers use these nets
On Thu, Jun 06, 2002 at 02:14:21AM +0300, [EMAIL PROTECTED] said:
Richard,
Kindly explain how not knowing procmail (or Unix for that matter)
relates to configuring BGP/OSPF/Cisco IOS/JunOS
(Yes I know JunOS is based on FreeBSD -
but I doubt anyone runs an MTA or MUA on it ... ;-)
It's
[ On Wednesday, June 5, 2002 at 23:22:38 (-0400), [EMAIL PROTECTED] wrote: ]
Subject: Re: OT: Re: Bogon list
3) Remember that for procmail to nuke the second copy, the second copy
has to arrive - I'm personally just a bit miffed at somebody who sent me
2 copies of a large file. Yes
In the referenced message, Sean M. Doran said:
Basically, arguing that the routing system should carry around
even more information is backwards. It should carry less.
If IXes need numbers at all (why???) then use RFC 1918 addresses
and choose one of the approaches above to deal with
In article [EMAIL PROTECTED],
Sean M. Doran [EMAIL PROTECTED] wrote:
| Why treat exchange subnets differently to any other bit of backbone
| infrastructure?
Oh, I wholeheartedly agree. I would love them all to use RFC 1918
addresses, because it is VERY VERY VERY rare that anything outside
I haven't seen a 'icmp source lo0' interface command yet. Hopefully
it will be added for ipv6 so exchanges can use link-local addressing
(ipv6 has no fragmentation, PMTUd is mandatory).
Mike.
Now expired...
draft-kato-bgp-ipv6-link-local-01.txt
Proof of concept
On Wed, Jun 05, 2002 at 08:34:58AM +, Miquel van Smoorenburg wrote:
I haven't seen a 'icmp source lo0' interface command yet. Hopefully
it will be added for ipv6 so exchanges can use link-local addressing
(ipv6 has no fragmentation, PMTUd is mandatory).
I'm not terribly sure why you
GAW Date: Tue, 4 Jun 2002 23:14:58 -0400 (EDT)
GAW From: Greg A. Woods
GAW If a given router uses a single unique-to-itself canonical
GAW globally routable source address for all ICMP error replies
GAW it generates then the output of the likes of traceroute and
GAW even ping will still be
On Wed, Jun 05, 2002 at 09:50:17PM +0300, [EMAIL PROTECTED] said:
[snip]
RB :0 Wh: msgid.lock
RB | formail -D 8192 msgid.cache
Randy,
Are you sure that:
1) All NANOG subscribers recognize the above as a procmail rule ?
most of them, probably.
2) That all NANOG subscribers read
On Wed, Jun 05, 2002 at 09:50:17PM +0300, Rafi Sadowsky wrote:
## On 2002-06-05 04:45 -0700 Randy Bush typed:
RB :0 Wh: msgid.lock
RB | formail -D 8192 msgid.cache
Randy,
Are you sure that:
1) All NANOG subscribers recognize the above as a procmail rule ?
If they don't,
On Wed, Jun 05, 2002 at 03:18:58PM -0400, [EMAIL PROTECTED] said:
This is an auto-generated system message. Please do not reply to this
address.
[snip legalese]
Whoever this is, will you PLEASE fix your auto-noise generator to not pollute
mailing lists?
Apologies to the list for the
| 2) That all NANOG subscribers read list E-mail on machines that have
| procmail on them ?
No, certainly not. Many enlightened subscribers know about
http://www.gnus.org/manual/gnus_124.html#SEC123
or
http://www.gnus.org/manual/gnus_171.html#SEC171
(which is a very gnus-ish documentation
Which, by the way, rocks the hizzy.
If anyone needs some qmail-scanner and/or spam-assassin help in qmail, let
me know. I just spent the last couple days pfutzing with it extensively.
On Wed, 5 Jun 2002, Joel Jaeggli wrote:
some of them have spamassassin
Which, by the way, rocks the hizzy.
If anyone needs some qmail-scanner and/or spam-assassin help in qmail,
let me know. I just spent the last couple days pfutzing with it
extensively.
I just bumped my hit count to 6. I found a small number of lists I am on
were making it into my spam
Hi, folks.
For a while folks have asked me to add an aggregated ACL, prefix-list,
or black hole routes to the various templates on my site. I've avoided
this for a variety of reasons, and decided to create the best of all
worlds - the bogon list. :)
This list includes the bogons, in both
On Tue, Jun 04, 2002 at 10:30:33AM -0500, Rob Thomas wrote:
For a while folks have asked me to add an aggregated ACL, prefix-list,
or black hole routes to the various templates on my site. I've avoided
this for a variety of reasons, and decided to create the best of all
worlds - the bogon
Then we come to the extra bogons like exchange point allocations. Can't
forget them. :)
I've never heard anyone refer to the IXP allocations as bogons. Plus, I've
not heard of anyone filtering the IXP prefixes on their ingress peering
filters. Egress peering filters - yes.
On Tuesday, June 4, 2002, at 12:48 , Barry Raveendran Greene wrote:
Then we come to the extra bogons like exchange point allocations. Can't
forget them. :)
I've never heard anyone refer to the IXP allocations as bogons. Plus,
I've
not heard of anyone filtering the IXP prefixes on their
I agree with Joe on this. At one time we were filtering 198.32/16 from
our peers but ran into things like ep.net (198.32.6.31) breaking. We now
only filter on IXP blocks for which we participate.
While on the subject of IXP blocks, we also ended up redistributing the
IXP blocks and sending them
On Tue, Jun 04, 2002 at 11:04:40AM -0700, David McGaugh wrote:
I agree with Joe on this. At one time we were filtering 198.32/16 from
our peers but ran into things like ep.net (198.32.6.31) breaking. We now
only filter on IXP blocks for which we participate.
While on the subject of IXP
On Tue, Jun 04, 2002 at 04:17:04PM -0400, Joe Abley wrote:
On Tuesday, June 4, 2002, at 03:47 , Richard A Steenbergen wrote:
Exchange point blocks SHOULDN'T be transited by anyone, therefore you
should not hear them from your peers.
[snip]
Messy traceroutes make the helpdesk phone
On Tue, Jun 04, 2002 at 11:04:40AM -0700, David McGaugh wrote:
I agree with Joe on this. At one time we were filtering 198.32/16 from
our peers but ran into things like ep.net (198.32.6.31) breaking. We now
only filter on IXP blocks for which we participate.
While on the subject of
On Tue, Jun 04, 2002 at 01:24:04PM -0700, Clayton Fiske wrote:
How does the absence of an IXP route affect traceroutes -through- it?
The IXP device has a route back to the source of the trace, so it can
reply. The traceroute packets are addressed to the ultimate destination,
so they don't
In a message written on Tue, Jun 04, 2002 at 03:47:00PM -0400, Richard A Steenbergen
wrote:
Exchange point blocks SHOULDN'T be transited by anyone, therefore you
should not hear them from your peers.
I would say this the other way around, all exchange point blocks
should be transited by
On Tue, Jun 04, 2002 at 04:47:51PM -0400, Leo Bicknell wrote:
In a message written on Tue, Jun 04, 2002 at 03:47:00PM -0400, Richard A Steenbergen
wrote:
Exchange point blocks SHOULDN'T be transited by anyone, therefore you
should not hear them from your peers.
I would say this the
as peers do not give each other transit, you don't need to announce
the IX to each other to get traceroute to work. you just carry it
in your own network.
randy
as peers do not give each other transit, you don't need to announce
the IX to each other to get traceroute to work. you just carry it
in your own network.
Weren't they talking about customers at a downstream ISPs which don't
connect directly to the exchange?
one gives transit customers the
We announce the IXP blocks to customers and not peers for IXs which we
participate. Additionally we don't filter our peers if they were to
announce an IXP block so long as it is not an IXP block for an IX which
we participate. (grammar?) This way we can continue to learn routes for
things like
In a message written on Tue, Jun 04, 2002 at 01:54:07PM -0700, Aditya wrote:
Am I right that I don't see a reason why IX blocks should be transited other
than traceroute should work? I can think of a couple of reasons why the blocks
SHOULDN'T be transited by anyone.
Traceroute to
Tweaking our Looking Glass software by itself would not fix the problem
(ours doesn't have this problem anyway). To fix the problem everyone
would have to tweak their Looking Glass software since the problem can
be seen when someone traceroutes from a peer or 3rd party's Looking
Glass into our
It just occurred to me that one could use the extended traceroute on the
back end for a Cisco to tweak the source IP but there again, it would
not be completely effective unless everyone did this.
-Dave
David McGaugh wrote:
Tweaking our Looking Glass software by itself would not fix the
| Tweaking our Looking Glass software by itself would not fix the problem
| (ours doesn't have this problem anyway). To fix the problem everyone
| would have to tweak their Looking Glass software since the problem can
| be seen when someone traceroutes from a peer or 3rd party's Looking
| Glass
On Tuesday, June 4, 2002, at 07:49 , Sean M. Doran wrote:
| Messy traceroutes make the helpdesk phone ring.
Messy architecture is worse!
Agreed. An inconsistent architecture is a messy one. Why treat exchange
subnets differently to any other bit of backbone infrastructure? Why
number
| Why treat exchange subnets differently to any other bit of backbone
| infrastructure?
Oh, I wholeheartedly agree. I would love them all to use RFC 1918
addresses, because it is VERY VERY VERY rare that anything outside
the scope in which the 1918 local use addresses are unique actually
Targeting people who look up in-addr.arpa mappings, you could
always emit pointers to would-be tracerouters -- get yer real
data at http://...
Points to the person who first puts such a thing into the DNS.
Started it in 1997... Presented it INET in 1998.
UCB a couple
[[ What's with the huge CC list everyone? Aren't we all subscribers? Do
y'all enjoy getting multiple copies of replies? I don't! ;-) ]]
[ On Tuesday, June 4, 2002 at 18:33:23 (-0700), Sean M. Doran wrote: ]
Subject: Re: Bogon list
| Why treat exchange subnets differently to any other
Does anyone know of a source for a reliable bogon list? The best I know of
is from Rob Thomas, but his last template update was 10/01, and IANA's
made allocations since then.
http://www.iana.org/assignments/ipv4-address-space is the best I can find,
but wanted to see if anyone had a more
Hi, Kevin.
] Does anyone know of a source for a reliable bogon list? The best I know of
] is from Rob Thomas, but his last template update was 10/01, and IANA's
] made allocations since then.
Actually, the mistake is that I've updated my template yet failed to change
the date. DOH! Sorry