On Sat, 14 Apr 2007, Jon R. Kibler wrote:
CYMRU has 7/8 listed as a bogon: http://www.cymru.com/Documents/bogon-dd.html
Their list is more or less authoritative, so I would believe that you should never see traffic from that netblock. This is also consistent with Sprint blackholeing it as a bogon in your original post.
Their list is no more "authoritative" then mine and I suspect they simply did not look into this netblock case before. Another bogon tracking system http://www.cidr-report.org/#Bogons does not list it as bogon even though it does see same 7.1.1.0/24 announcement by Sprint. I'm also curious to know why you think that Sprintlink is blackholing it? ----- In case you're wondering they do route this block, here is where my traceroute ends: ... 11 sl-bb20-rly-12-0.sprintlink.net (144.232.7.249) 79.181 ms 76.106 ms 77.925 ms 12 sl-bb20-tuk-11-0.sprintlink.net (144.232.20.137) 97.675 ms 97.748 ms 98.021 ms 13 sl-bb21-tuk-15-0.sprintlink.net (144.232.20.133) 97.672 ms 97.579 ms 280.387 ms 14 sl-bb21-lon-14-0.sprintlink.net (144.232.19.70) 168.667 ms 169.151 ms 179.363 ms 15 sl-bb23-lon-14-0.sprintlink.net (213.206.128.54) 168.879 ms 168.922 ms 168.716 ms 16 sl-bb21-ams-3-0.sprintlink.net (213.206.129.142) 161.711 ms 161.816 ms 180.609 ms 17 sl-bb20-ham-14-0.sprintlink.net (213.206.129.50) 167.782 ms 167.884 ms 167.716 ms 18 sl-gw2-ham-0-0-0.sprintlink.net (217.147.96.100) 167.770 ms 167.928 ms 168.193 ms 19 * * * Last hop is in Germany which is a bit suspicious for supposed US DoD block but there are some military bases there after all... Also there are some interesting messages about this netblock that one can find on the net, like say: http://www.monkey.org/openbsd/archive/misc/0207/msg01215.html http://irisheagle.blogspot.com/2006_03_01_irisheagle_archive.html
That said, it doesn't mean that the netblock is unused. Most likely it is a netblock that DoD actually uses, but it is only routed on DoD's private backbone and never on the Internet.
If that is the case and they started using it in the days of J Postel with his permission, then its not a bogon. Conflicting information at ARIN and especially that their info was updated in 2006 leads me to believe that's the case. Add to it that I have several copies of old DoD hosts table and they all list it as "EDN-TEMP", but what it refers to and if the block should or should not still be in use I don't know. Unfortunately all of this does not mean you should allow (or deny) traffic from 7.0.0.0/8, but it also does not mean that if you do see any traffic that its necessarily unauthorized.
william(at)elan.net wrote:
Anybody know if 7.0.0.0/8 is or is not allocated to DoD? The data at IANA and ARIN is kind-of confusing...
--------------------------------------------------------------- 7.1.1.0/24 ## AS1239 : SPRINTLINK : Sprint 7.0.0.0 - 7.255.255.255 ## Bogon (unallocated) ip range --------------------------------------------------------------- http://www.iana.org/assignments/ipv4-address-space 007/8 Apr 95 IANA - Reserved --------------------------------------------------------------- [IPv4 whois information for 7.0.0.1 ] [whois.arin.net]
OrgName: DoD Network Information Center OrgID: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US
NetRange: 7.0.0.0 - 7.255.255.255 CIDR: 7.0.0.0/8 NetName: DISANET7 NetHandle: NET-7-0-0-0-1 Parent: NetType: Direct Allocation Comment: RegDate: 1997-11-24 Updated: 2006-04-28
OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-800-365-3642 OrgTechEmail: HOSTMASTER@nic.mil