Bogon filters made a lot of sense when most of the Internet was
bogons. Back when 5% of the IP space was allocated, blocking the
other 95% was an extremely useful endeavour. However, by the same
logic, as we get to 80-90% used, blocking the 10-20% unused is
reaching diminishing returns; and at the
Yes. 1918 (10/8, 172.16/12, 192.168/16), D, E, reflective (outgoing
mirroring), and as always individual discretion.
--Patrick Darden
-Original Message-
From: Leo Bicknell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 9:10 AM
To: nanog@nanog.org
Subject: Is it time to
Was looking over 1918 again, and for the record I have only run into one
network that follows:
If two (or more) organizations follow the address allocation
specified in this document and then later wish to establish IP
connectivity with each other, then there is a risk that address
Where I work we are more aimed towards the SMB market, and we do run into that
issue a lot. Of course a lot of the problem we run into is that the
engineers who set up these SMB clients, even getting into some of the larger
businesses just use what they always do. I can think of one specific
This makes sense especially for static filters. Automated feeds, such
as the bogon route-server or DNS zones, leaves folks with options.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
Darden, Patrick S. wrote:
Most private networks start at the bottom and work up: 192.168.0.X++,
10.0.0.X++, etc. This makes any internetworking (ptp, vpn, etc.)
ridiculously difficult. I've seen a lot of hack jobs using NAT to get
around this. Ugly.
Well, you can always do what one of the
Matthew Kaufman wrote:
do what one of the companies I work with does: allocate from
42.0.0.0/8
Some Italian ISPs use blocked American military /8s. I find that highly
amusing, especially when I think of the long-term implication for the
folk who blocked access to that they wanted to 'own'.
On Aug 6, 2008, at 10:28 AM, Rob Thomas wrote:
This makes sense especially for static filters. Automated feeds,
such as the bogon route-server or DNS zones, leaves folks with
options.
Honestly, I don't believe the 80/20 rule applies here.
Until all transit networks are willing to strictly filter their
downstreams (and themselves!), if there is any unused space (note I said
unused, not unallocated), the miscreants will use it.
serious curiosity:
what is the proportion of bad stuff coming from unallocated space vs
allocated space? real measurements, please. and are there longitudinal
data on this?
Let me see what we can produce in the way of data. I'll just count
2008, though I could go back further if there's
Darden, Patrick S. wrote:
Was looking over 1918 again, and for the record I have only run into one
network that follows:
If two (or more) organizations follow the address allocation
specified in this document and then later wish to establish IP
connectivity with each other, then there
Randy Bush wrote:
serious curiosity:
what is the proportion of bad stuff coming from unallocated space vs
allocated space? real measurements, please. and are there longitudinal
data on this?
are the uw folk, gatech, vern, ... measuring?
I still have 2 of my borders using an inbound ACL to
Leo Bicknell wrote:
Have bogon filters outlived their use? Is it time to recommend people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?
In my opinion no; BOGON filters are still very useful. Back when only
5% of the IP space was
I see a number of hits on those entries, especially on 94/8 and 0/8.
You do know that 94/8 has been assigned to the RIPE NCC, right? :-)
Cheers,
Rob
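The exchange above (a "simpler bogon filter" of RFC 1918, Class D and Class E versus a full list, and an ACL still dropping 94/8 after it was assigned to the RIPE NCC) is worth seeing in code. The following is an added example, not code from the thread or from Team Cymru: it compares a minimal, never-changing reserved-space filter with a constructed stale snapshot of a "full" bogon list, and adds the check a practitioner wants before loading any bogon list, namely refusing entries that overlap prefixes you actually route. STATIC_BOGONS, STALE_FULL_LIST, OUR_PREFIXES and the sample addresses are all constructed here for illustration.

```python
"""Added example (not from the NANOG thread): minimal static bogon filter
versus a stale 'full' list, plus a self-protection check before loading.

Constructed for illustration:
  * STATIC_BOGONS   - reserved blocks that do not change with allocation
                      policy (RFC 1918, Class D, Class E and a few others).
  * STALE_FULL_LIST - an imagined old snapshot of a full bogon list that
                      still carries 94.0.0.0/8, which has since been
                      assigned to the RIPE NCC. Not a real feed.
  * OUR_PREFIXES    - made-up address space the operator routes and must
                      never drop.
"""
import ipaddress
from typing import Iterable, List, Optional, Tuple

Net = ipaddress.IPv4Network


def nets(prefixes: Iterable[str]) -> List[Net]:
    """Parse prefix strings strictly (host bits set is a config error)."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


# The "simpler bogon filter" from the thread: needs no periodic updates.
STATIC_BOGONS = nets([
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
    "224.0.0.0/4",      # Class D (multicast)
    "240.0.0.0/4",      # Class E (reserved)
])

# Constructed stale snapshot: the static set plus a block that is no longer
# a bogon. Anything covered only by this entry is a false positive.
STALE_FULL_LIST = STATIC_BOGONS + nets(["94.0.0.0/8"])

# Constructed: address space we route. A bogon entry overlapping it is stale.
OUR_PREFIXES = ["94.100.0.0/16"]


def first_hit(addr: str, filt: List[Net]) -> Optional[Net]:
    """Return the filter entry that would drop addr, or None if it passes."""
    ip = ipaddress.ip_address(addr)
    for net in filt:
        if ip in net:
            return net
    return None


def false_positives(addrs: Iterable[str], static: List[Net],
                    full: List[Net]) -> List[Tuple[str, str]]:
    """Addresses the 'full' list drops that the static list lets through."""
    out = []
    for a in addrs:
        if first_hit(a, static) is None:
            hit = first_hit(a, full)
            if hit is not None:
                out.append((a, str(hit)))
    return out


def build_acl(filt: List[Net], protect: Iterable[str]) -> Tuple[List[Net], List[Net]]:
    """Split a bogon list into (kept, rejected).

    An entry overlapping protected space is rejected whole rather than
    carved around it: if a bogon entry covers space you route, the list
    is out of date and the entry cannot be trusted at all.
    """
    protected = nets(protect)
    kept, rejected = [], []
    for net in filt:
        (rejected if any(net.overlaps(p) for p in protected) else kept).append(net)
    return kept, rejected


if __name__ == "__main__":
    samples = ["94.1.2.3", "10.1.1.1", "239.255.255.250", "8.8.8.8"]
    for a in samples:
        print(a, "static:", first_hit(a, STATIC_BOGONS),
              "stale:", first_hit(a, STALE_FULL_LIST))
    print("false positives from stale list:",
          false_positives(samples, STATIC_BOGONS, STALE_FULL_LIST))
    kept, rejected = build_acl(STALE_FULL_LIST, OUR_PREFIXES)
    print("rejected before load:", [str(n) for n in rejected])
```

Run it with no arguments; the only address the stale snapshot drops that the static set does not is the one inside 94/8, and build_acl refuses that entry because it overlaps the routed prefix, which is exactly the counter hit the thread describes on a former border router.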
On Aug 6, 2008, at 7:44 AM, Matthew Kaufman wrote:
Darden, Patrick S. wrote:
Most private networks start at the bottom and work up: 192.168.0.X++,
10.0.0.X++, etc. This makes any internetworking (ptp, vpn, etc.)
ridiculously difficult. I've seen a lot of hack jobs using NAT to get
around
Leo Bicknell wrote:
Have bogon filters outlived their use? Is it time to recommend people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?
Seems like filtering against those could be done on the backplane, so to
speak.
One of the
Rob Evans wrote:
I see a number of hits on those entries, especially on 94/8 and 0/8.
You do know that 94/8 has been assigned to the RIPE NCC, right? :-)
I knew I should have logged into a production box to look at the ACL
counters. But no, I thought the former border that I was already
Most organizations that would be doing this would not randomly pick out
subnets, if I understand you. They would randomly pick out a subnet, then they
would sub-subnet that based on a scheme. I believe this is the intent of RFC
1918. Not to apply a random IP scheme, but to randomly pick a
On 06/08/2008 4:44, Matthew Kaufman [EMAIL PROTECTED] wrote:
[...]
Well, you can always do what one of the companies I work with does:
allocate from 42.0.0.0/8 for networks that might need to interoperate
with 1918 space and hope that it is forever before we run so low on
IPv4 space that
Darden, Patrick S. wrote:
Most organizations that would be doing this would not randomly pick out
subnets, if I understand you. They would randomly pick out a subnet, then they
would sub-subnet that based on a scheme. I believe this is the intent of RFC
1918. Not to apply a random IP
Would someone from Verizon please contact me? Or, if you know of a
technical contact for Verizon, please pass it along. Thanks.
Best,
Alan
On Aug 6, 2008, at 12:36 PM, Joel Jaeggli wrote:
Darden, Patrick S. wrote:
Most organizations that would be doing this would not randomly pick
out subnets, if I understand you. They would randomly pick out a
subnet, then they would sub-subnet that based on a scheme. I
believe this is
On Aug 6, 2008, at 11:46 AM, Laurence F. Sheldon, Jr. wrote:
Leo Bicknell wrote:
Have bogon filters outlived their use? Is it time to recommend
people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?
Seems like filtering against
Well, how about this then: 10.Z.X.Y with Z being continent, X being country
name with letters beginning with A assigned 1-10, B 11-20, with any unused
letters having their numbers appended as needed, and Y being of course the
host/int itself with maybe still 1-20 as switches/routers, 21-50 as
Actually, rereading this, I agree. My experience is large companies take it
all, using huge swathes inefficiently, instead of doing it right. In my
previous post I was answering the question I thought you were asking, not your
real question.
I agree with you both.
I think that RFC1918
Then again, it does make Team Cymru an attractive target for DoS or even
compromise if they can control routing policy to a degree for a large number of
disparate networks. Especially if it gets in the way of for-profit spammers.
(Not trying to knock them, just providing a for consideration.
1. DOS of Cymru (as noted below).
2. False Positives. Your network is suddenly stranded. Maybe on purpose.
(DOS of a network, e.g. China or Youtube).
3. False Negatives. A bogus network is suddenly centrally rubber-stamped.
Could happen. We've seen a lot of shenanigans with the domain
On Thu, 7 Aug 2008, Randy Bush wrote:
serious curiosity:
what is the proportion of bad stuff coming from unallocated space vs
allocated space? real measurements, please. and are there longitudinal
data on this?
are the uw folk, gatech, vern, ... measuring?
Attacks or misconfigured leaks?
Hi, Skywing.
We've had a few DDoS attacks and lots of scans and hack attempts. Some
of the DDoS attacks managed to wipe out our front-end. At no point were
the route-servers impacted, since we keep them well away from our
networks, widely distributed, and vigorously monitored (configs,
Darden, Patrick S. wrote:
I'll reply below with //s. My point is still: most companies do not use RFC1918 correctly.
As with say v4 prefix distribution as a whole where you observe that the
number of very large prefix holders is rather small, it's really easy
to say most casually,
RES Date: Tue, 05 Aug 2008 09:19:44 -0400
RES From: Robert E. Seastrom
RES If trends have continued since last I looked at it, very manageable
RES after you take out the binaries. Insignificant if you could figure
RES out a way to get rid of the flames and spam. :)
Usenet - binaries - flames -
Nick,
I experienced a similar situation last year.
We evaluated our Internet connectivity at the application layer to explain
our connectivity to our customers.
I gave a presentation at JANOG21
(JApan Network Operators' Group 21st meeting) in January.
JANOG i18n members translated my Japanese
We operate a transit box, and there are still quite a few of them out
there. Pushing hundreds and hundreds of megs.
http://news.anthologeek.net/
-Original Message-
From: Edward B. DREGER [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 2:48 PM
To: Robert E. Seastrom
Cc:
--- [EMAIL PROTECTED] wrote:
Most organizations that would be doing this would not randomly pick out
subnets, if I understand you. They would randomly pick out a subnet, then they
would sub-subnet that based on a scheme.
---
One way to do it...
But ... that's part of why RFC1918 is used, so they have this fairly large
address range to play with.
And remember, what one person calls inefficiency, another calls
flexibility. Either (or neither) may be right!
Oh, and I don't think we can say RFC1918 doesn't work today - obviously it
Very helpful information. Thanks.
Nick Downey
-Original Message-
From: Hiroyuki ASHIDA [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 1:51 PM
To: [EMAIL PROTECTED]
Cc: nanog@nanog.org
Subject: Re: Out of Date Bogon Prefix
Nick,
I had experienced similar situation in last
I think the problem is that operational reality (ease of use, visual
clarity, etc.) has long since won the war against the numerical
capabilities.
Things like assigning /24's per vlan make the routing table easy to read,
subnets easy to assign, etc.
Starting from the bottom up, the next
Skywing wrote:
Then again, it does make Team Cymru an attractive target for DoS or even
compromise if they can control routing policy to a degree for a large number of
disparate networks. Especially if it gets in the way of for-profit spammers.
(Not trying to knock them, just providing a for
sorry, nm. glue records in the rootzones, that no one should have put.
I'll go back in my corner now.
-Original Message-
From: Ross Dmochowski
Sent: Wednesday, August 06, 2008 12:33 PM
To: nanog@nanog.org
Subject: gTLD root nameserver anomaly
Importance: High
Something weird seems
Nick,
You might want to take a closer look at who is really bogon filtering
you. Emailing their upstream providers may not be the most effective
method for getting endsites to update their bogon filters. They don't
have to listen to us when we forward your note on. We can't force them
That makes sense. I am working on updating our MP. Thanks.
Nick
-Original Message-
From: Heather Schiller [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 3:13 PM
To: Nick Downey
Cc: nanog@nanog.org
Subject: Re: Out of Date Bogon Prefix
Nick,
You might want to take a
Hi all. You may want to be ready for a *possible* support lines flood
today.
Yesterday I discovered a fast-spreading facebook worm. It spreads by
sending messages to all your facebook friends, from your account, asking
them to click on a link in the .pl ccTLD.
This worm is somewhat similar