http://bgp.he.net/net/100.100.0.0/24#_bogon A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847. I'd be a lot happier if there were fewer. thanks joel
On Thu, Oct 4, 2012 at 1:17 PM, joel jaeggli <joelja@bogus.com> wrote:
http://bgp.he.net/net/100.100.0.0/24#_bogon
A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847.
that took longer than expected. the internet has failed my expectations.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 05 October 2012 12:04 AM, Christopher Morrow wrote:
On Thu, Oct 4, 2012 at 1:17 PM, joel jaeggli <joelja@bogus.com> wrote:
http://bgp.he.net/net/100.100.0.0/24#_bogon
A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847.
that took longer than expected. the internet has failed my expectations.
I learnt to use whois for such strange results! :) anurag@laptop:~$ whois 100.64.0.0 # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=100.64.0.0?showDetails=true&showARIN=false&ext=netref2 # NetRange: 100.64.0.0 - 100.127.255.255 CIDR: 100.64.0.0/10 OriginAS: NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED NetHandle: NET-100-64-0-0-1 Parent: NET-100-0-0-0-0 NetType: IANA Special Use Comment: This block is used as Shared Address Space. Traffic from these addresses does not come from IANA. IANA has simply reserved these numbers in its database and does not use or operate them. We are not the source of activity you may see on logs or in e-mail records. Please refer to http://www.iana.org/abuse/ Comment: Comment: Shared Address Space can only be used in Service Provider networks or on routing equipment that is able to do address translation across router interfaces when addresses are identical on two different interfaces. Comment: Comment: This block was assigned by the IETF in the Best Current Practice document, Comment: RFC 6598 which can be found at: Comment: http://tools.ietf.org/html/rfc6598 RegDate: 2012-03-13 Updated: 2012-04-23 Ref: http://whois.arin.net/rest/net/NET-100-64-0-0-1 - -- Anurag Bhatia http://anuragbhatia.com Twitter: @anurag_bhatia Skype: anuragbhatia.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJQbiVaAAoJEPnIYygGLJNaV18H/Rg/TJiMhh6QbYHX04JFLQ1V UOd0ihW128qpKllFMuqmwkeBFF2psPqrSdCBGqk+J1CQtgmcgwPNUaebVzoijaa/ kuPBMJNod6DhIiwKSZlkWkL5cF7buhh+E0neT4LMHsE/qVxgXEYZF/Z0OWR1L71e 38xw8Nx2javtXcBlpPbMDriFekmv4B1tSw9R4aHDJolquYmjZzBpOSj8EAX5hYLW vj7nc6SYp5lGuwgbSYCwPZvIXN0Olt/puuabeVFRXbwKWml/wScAunBIbCoP/n2G gT1MdVpcMnsBj1ZJC/fIy70Wlu/6d7z4hq8OMosLXZ3ayrmCU0QAslr6GUOhYz0= =RUOc -----END PGP SIGNATURE-----
http://bgp.he.net/net/100.100.0.0/24#_bogon
A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847.
a private address space leak? and propagated. i am deeply shocked. wtf did people think would happen? randy
http://bgp.he.net/net/100.100.0.0/24#_bogon
A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847. a private address space leak? and propagated. i am deeply shocked.
wtf did people think would happen? I'm unsurprised that not all filters are in place, more or less where
On 10/5/12 5:08 AM, Randy Bush wrote: they weren't however is another matter. by all accounts this has been advertised since 8/24.
randy
On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote:
On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli <joelja@bogus.com> wrote:
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13 that's 5 months and 11 days too long.
I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it. - Jared
use this: http://www.team-cymru.org/Services/Bogons/bgp.html On Fri, Oct 5, 2012 at 10:18 AM, Jared Mauch <jared@puck.nether.net> wrote:
On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote:
On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli <joelja@bogus.com> wrote:
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13 that's 5 months and 11 days too long.
I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it.
- Jared
Our issue is the templates were updated except for all but one type of device. If you see issues with 2914 folks can ping me off-list. - jared On Oct 5, 2012, at 11:24 AM, Ben Bartsch wrote:
use this:
http://www.team-cymru.org/Services/Bogons/bgp.html
On Fri, Oct 5, 2012 at 10:18 AM, Jared Mauch <jared@puck.nether.net> wrote:
On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote:
On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli <joelja@bogus.com> wrote:
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13 that's 5 months and 11 days too long.
I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it.
- Jared
On Fri, Oct 05, 2012 at 10:24:18AM -0500, Ben Bartsch wrote:
use this:
Please tell me how I can configure my router to use that feed to automatically reject any bogon advertisements I receive from other BGP neigbhors.
On Fri, Oct 5, 2012 at 10:18 AM, Jared Mauch <jared@puck.nether.net> wrote:
I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it.
-- Brett
http://www.team-cymru.org/Services/Bogons/bgp.html Please tell me how I can configure my router to use that feed to automatically reject any bogon advertisements I receive from other BGP neigbhors.
you actually have to look at that web page
В 16:22 -0700 на 06.10.2012 (сб), Randy Bush написа:
http://www.team-cymru.org/Services/Bogons/bgp.html Please tell me how I can configure my router to use that feed to automatically reject any bogon advertisements I receive from other BGP neigbhors.
you actually have to look at that web page
If you're seeing the same page, the configs and explanations there show how to drop packets destined to bogons, not routes. (I also want to know the answer to that question) -- Regards, Vasil Kolev
http://www.team-cymru.org/Services/Bogons/bgp.html Please tell me how I can configure my router to use that feed to automatically reject any bogon advertisements I receive from other BGP neigbhors.
you actually have to look at that web page
If you're seeing the same page, the configs and explanations there show how to drop packets destined to bogons, not routes.
(I also want to know the answer to that question)
then read the frelling page!!! http://www.team-cymru.org/Services/Bogons/bgp-examples.html#cisco-full-v4tra... router bgp <your asn> ! Session 1 neighbor A.B.C.D remote-as 65332 neighbor A.B.C.D description <your description> neighbor A.B.C.D ebgp-multihop 255 neighbor A.B.C.D password <your password> ! Session 2 neighbor E.F.G.H remote-as 65332 neighbor E.F.G.H description <your description> neighbor E.F.G.H ebgp-multihop 255 neighbor E.F.G.H password <your password> ! address-family ipv4 ! Session 1 neighbor A.B.C.D activate neighbor A.B.C.D soft-reconfiguration inbound neighbor A.B.C.D prefix-list cymru-out-v4 out neighbor A.B.C.D route-map CYMRUBOGONS-V4 in ! Session 2 neighbor E.F.G.H activate neighbor E.F.G.H soft-reconfiguration inbound neighbor E.F.G.H prefix-list cymru-out-v4 out neighbor E.F.G.H route-map CYMRUBOGONS-V4 in ! address-family ipv6 ! Session 1 neighbor A.B.C.D activate neighbor A.B.C.D soft-reconfiguration inbound neighbor A.B.C.D prefix-list cymru-out-v6 out neighbor A.B.C.D route-map CYMRUBOGONS-V6 in ! Session 2 neighbor E.F.G.H activate neighbor E.F.G.H soft-reconfiguration inbound neighbor E.F.G.H prefix-list cymru-out-v6 out neighbor E.F.G.H route-map CYMRUBOGONS-V6 in ! ! Depending on IOS version, you may need to configure your router ! for new-style community syntax. ip bgp-community new-format ! ip community-list 100 permit 65332:888 ! ip route 192.0.2.1 255.255.255.255 Null0 ! ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32 ! ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0 ! ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128 ! route-map CYMRUBOGONS-V6 permit 10 description IPv6 Filter bogons learned from cymru.com bogon route-servers match community 100 set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1 ! route-map CYMRUBOGONS-V4 permit 10 description IPv4 Filter bogons learned from cymru.com bogon route-servers match community 100 set ip next-hop 192.0.2.1
On 10/5/12 8:18 AM, Jared Mauch wrote: > On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote: > >> On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli <joelja@bogus.com> wrote: >> >>> by all accounts this has been advertised since 8/24. >> space allocated: 2012-03-13 >> that's 5 months and 11 days too long. > I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it. I would imagine though I am open to other interpreations that, the root cause of the leak lies there as well. > - Jared >
participants (9)
-
Anurag Bhatia -
Ben Bartsch -
Brett Frankenberger -
Christopher Morrow -
Jared Mauch -
joel jaeggli -
Nick Hilliard -
Randy Bush -
Vasil Kolev