Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information. Thanks, Harley
Jump the slightest bit ahead in the library: https://tools.ietf.org/html/rfc5737 On Fri, Apr 17, 2015 at 1:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
-- *Trent Farrell* *Riot Games* *IP Network Engineer* E: tfarrell@riotgames.com | IE: +353 83 446 6809 | US: +1 424 285 9825 Summoner name: Foro
No one? http://whois.arin.net/rest/net/NET-192-0-0-0-0/pft http://www.dslreports.com/forum/r28692406-Outgoing-traffic-to-192.0.1.0-port... Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Apr 17, 2015 at 4:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
It is mentioned in RFC 1166 as "BBN-TEST-C". I suppose it's still not publicly allocated. On Fri, Apr 17, 2015 at 4:18 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
No one?
http://whois.arin.net/rest/net/NET-192-0-0-0-0/pft
http://www.dslreports.com/forum/r28692406-Outgoing-traffic-to-192.0.1.0-port...
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Apr 17, 2015 at 4:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
nothing that is authoritative (anymore)… 1996-2000 last century, 192.0.0.0/24 and 192.0.1.0/24 were identified as usable address blocks, post-CIDR testing/evaluation. they were both earmarked for use in the (then) four new root servers (which became J, K, L, and M)… they were then supposed to be used as the blocks for the root zone distribution masters. ICANN emerged and claimed them for itself, at one point using them for internal ICANN networking. I lost interest/control at that point and don;t know what happened after that. manning bmanning@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 17April2015Friday, at 13:26, Harley H <bobb.harley@gmail.com> wrote:
It is mentioned in RFC 1166 as "BBN-TEST-C". I suppose it's still not publicly allocated.
On Fri, Apr 17, 2015 at 4:18 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
No one?
http://whois.arin.net/rest/net/NET-192-0-0-0-0/pft
http://www.dslreports.com/forum/r28692406-Outgoing-traffic-to-192.0.1.0-port...
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Apr 17, 2015 at 4:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
Wasn't (part) of this space assigned to RFC6333? Carrier Grade NAT and stuff... https://tools.ietf.org/html/rfc6333 ? -- Marco manning schreef op 17-04-15 om 22:45:
nothing that is authoritative (anymore)… 1996-2000
last century, 192.0.0.0/24 and 192.0.1.0/24 were identified as usable address blocks, post-CIDR testing/evaluation. they were both earmarked for use in the (then) four new root servers (which became J, K, L, and M)… they were then supposed to be used as the blocks for the root zone distribution masters.
ICANN emerged and claimed them for itself, at one point using them for internal ICANN networking. I lost interest/control at that point and don;t know what happened after that.
manning bmanning@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102
On 17April2015Friday, at 13:26, Harley H <bobb.harley@gmail.com> wrote:
It is mentioned in RFC 1166 as "BBN-TEST-C". I suppose it's still not publicly allocated.
On Fri, Apr 17, 2015 at 4:18 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
No one?
http://whois.arin.net/rest/net/NET-192-0-0-0-0/pft
http://www.dslreports.com/forum/r28692406-Outgoing-traffic-to-192.0.1.0-port...
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Apr 17, 2015 at 4:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
Marco Davids schreef op 17-04-15 om 23:08:
Oh wait, that's 192.0.0.0/29, not 192.0.1.0/24... -- Marco
On Fri, Apr 17, 2015 at 11:13:11PM +0200, Marco Davids wrote:
Marco Davids schreef op 17-04-15 om 23:08:
Oh wait, that's 192.0.0.0/29, not 192.0.1.0/24...
192.0.1.0/24 sounds vaguely like something really old HP JetDirects used as a "default IP" when they weren't configured yet, or when BOOTP failed. Or maybe it was 192.0.0.192: http://www.sprint.net.au/~terbut/usefulbox/hpjetdirectexplus.htm
Harley is correct that 192.0.1/24 is mentioned in 1166, but AFAICS after cursory examination it has fallen through the cracks since then. (Note, this is not the same as 192.0.2/24, which has been updated in several RFCs recently, including 6303 by Mark Andrews (cc'ed for his information). I've also cc'ed Leo and Michelle from ICANN so that hopefully they can see about getting some whois info set up for that network. Michelle, let me know if it would be easier for you if I opened a ticket for this request. Doug On 4/17/15 1:26 PM, Harley H wrote:
It is mentioned in RFC 1166 as "BBN-TEST-C". I suppose it's still not publicly allocated.
On Fri, Apr 17, 2015 at 4:14 PM, Harley H <bobb.harley@gmail.com> wrote:
Does anyone know the status of this netblock? I've come across a malware sample configured to callback to an IP in that range but it does not appear to be routable. Yet, it is not mentioned in RFC 5735 nor does it have any whois information.
Thanks, Harley
-- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
Doug Barton schreef op 18-04-15 om 01:52:
Harley is correct that 192.0.1/24 is mentioned in 1166, but AFAICS after cursory examination it has fallen through the cracks since then.
It has been seen in the wild a few times though (for whatever reason...) https://stat.ripe.net/192.0.1.0%2F24#tabId=routing -- Marco
Hi, On Fri, Apr 17, 2015 at 04:52:28PM -0700, Doug Barton wrote: [...]
I've also cc'ed Leo and Michelle from ICANN so that hopefully they can see about getting some whois info set up for that network. Michelle, let me know if it would be easier for you if I opened a ticket for this request.
As Harley correctly notes, in 1990 192.0.1.0/24 was listed in RFC 1166 as BBN-TEST-C. RFC 1166 was one in a series of status reports on the distribution of Internet Number Resources and other protocol parameters that started in the 1970s and continued until RFC 1700, which was published in 1994. Eight years later, RFC 3232 noted that the function provided by those reports had been provided via an online database since 1994. RFC 3232 noted that the periodic status reports might be continued by a new organization. Most of that reporting responsibility was taken on by the RIRs. However, in 2002 RFC 3330 provided an update on the special use IPv4 addresses that had been assigned in various RFCs. RFC 3330 did not include any mention of 192.0.1.0/24 and nor did its successor, RFC 5735. RFC 6890 was published In 2013 and created a pair of IANA registries for special-purpose IPv4 and IPv6 addresses. 192.0.1.0/24 is not listed in the IANA IPv4 Special-Purpose Address Registry (https://www.iana.org/assignments/iana-ipv4-special-registry) and has no special purpose. ARIN is the administrator of 192.0.0.0/8 and other than special-purpose assignments registered in accordance with the requirements of section 4.3 of RFC 2860, addresses in this /8 are allocated according to ARIN policy. I hope this is helpful. Regards, Leo Vegoda
participants (8)
-
Chuck Anderson
-
Doug Barton
-
Harley H
-
Josh Luthman
-
Leo Vegoda
-
manning
-
Marco Davids
-
Trent Farrell