Net-24 top prefix generating bogus RFC-1918 queries
Operators within Net-24 (typically Cable Operators) would do good in setting up a AS112 anycasted DNS server within their networks. Cable modem users tyically NAT their connections to allow multiple machines at home to be "online". This causes local hosts to generate junk traffic towards the global internet when these machines query for or try DynaDNS updates on RFC-1918 addresses. In a 100,000 query sample (lasted for 30 seconds) we saw 768 unique Net-24 prefixes. All of them had multiple queries within the sample period. Looking at the raw data, we saw 7444 queries out of 100,000 queries from Net-24 prefixes. Given this, each Net-24 query, on average, asked for info 10 times within the 30 sec sample window. All of this is from a AS112 server located in NM that is announcing the AS112 prefix towards our transit provider AS 1239. If you are not aware of the AS112 project you should look at : http://www.as112.net Site maintained by Paul Vixie My setup tips page: http://www.chagreslabs.net/jmbrown/research/as112/index.html Based on a 1,000,000 query (2 min period of time) here are the top 20 /8's that gen bogus queries for RFC-1918 related DNS data. 61637 24.0.0.0 51596 65.0.0.0 36974 216.0.0.0 32925 63.0.0.0 31503 66.0.0.0 31483 208.0.0.0 30760 217.0.0.0 25813 168.0.0.0 25538 151.0.0.0 25300 209.0.0.0 19862 200.0.0.0 19375 68.0.0.0 17568 207.0.0.0 17303 80.0.0.0 16585 141.0.0.0 13831 64.0.0.0 11652 206.0.0.0 10295 204.0.0.0 10016 205.0.0.0 7795 218.0.0.0 6666 202.0.0.0
John Brown wrote:
Operators within Net-24 (typically Cable Operators) would do good in setting up a AS112 anycasted DNS server within their networks.
Same with 68/8. A few large cable operators (Cox, Comcast, Charter, RoadRunner, etc.) have netblocks in 68/8. .
Based on a 1,000,000 query (2 min period of time) here are the top 20 /8's that gen bogus queries for RFC-1918 related DNS data.
61637 24.0.0.0 51596 65.0.0.0
Why does 65/8 generate almost as many queries as 24/8?
participants (3)
-
John Brown
-
Justin Shore
-
Roland Verlander