Maybe I'm misreading this but...
The following traceroute seems to indicate, according to ARIN, that someone is running routers for spammers in the IANA Reserved netspace? First a traceroute:
world% traceroute www.libidomax.com traceroute to www.libidomax.com (209.149.111.17), 30 hops max, 40 byte packets 1 Boston-STD-F.std.com (199.172.62.80) 17 ms 4 ms 4 ms 2 553.Hssi2-0.GW2.BOS1.ALTER.NET (157.130.10.129) 59 ms 107 ms 69 ms 3 124.ATM3-0.XR1.BOS1.ALTER.NET (146.188.176.250) 77 ms 54 ms 37 ms 4 191.ATM2-0.TR1.NYC1.ALTER.NET (146.188.179.82) 38 ms 51 ms 51 ms 5 104.ATM7-0.TR1.ATL1.ALTER.NET (146.188.136.57) 80 ms 87 ms 133 ms 6 100.ATM7-0.XR1.ATL1.ALTER.NET (146.188.232.85) 91 ms 141 ms 63 ms 7 195.ATM10-0-0.GW1.JAX1.ALTER.NET (146.188.232.169) 53 ms 81 ms 107 ms 8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms 10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms 11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!)
Ok, now let's look up the 172.* addresses:
world% arin 172.17.80.46 IANA (IANA-BBLK-RESERVED) Internet Assigned Numbers Authority Information Sciences Institute University of Southern California 4676 Admiralty Way, Suite 1001 Marina del Rey, CA 90292-6695
Netname: IANA-BBLK-RESERVED Netblock: 172.16.0.0 - 172.31.0.0
Coordinator: Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org (310) 822-1511
Domain System inverse mapping provided by:
BLACKHOLE.ISI.EDU 128.9.64.26 NS2.INTERNIC.NET 198.41.0.11
and I get the same result of course for the other 172 address so I'll save you the redundant cut and paste. What's going on here? -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
At 05:11 PM 10/14/98 -0400, Barry Shein wrote:
The following traceroute seems to indicate, according to ARIN, that someone is running routers for spammers in the IANA Reserved netspace?
[SNIP]
8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms 10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms 11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!)
What's going on here?
Barry, 172.16.0.0/12 is part of RFC1918 space. There is no prohibition of addressing routers with these addresses, and in fact I do not know of a router that will route RFC1918 space differently than any other IP address. (Of course, you can put in filters, and many people do, but you can filter any addresses exactly the same way.) This is a perfectly legitimate use of RFC1918 space, as long as those hosts expect no connectivity outside their own network. Many people use RFC1918 on WAN links and whatnot to preserve their ARIN allocations for "real" hosts. Read the RFC for more info.
-Barry Shein
TTFN, patrick I Am Not An Isp www.ianai.net "Think of it as evolution in action." - Niven & Pournelle
Doesn't this break MTU path discovery though? ------- John Fraizer (tvo) | __ _ The System Administrator | / / (_)__ __ ____ __ | The choice mailto:tvo@EnterZone.Net | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation A 486 is a terrible thing to waste... On Wed, 14 Oct 1998, I Am Not An Isp wrote:
At 05:11 PM 10/14/98 -0400, Barry Shein wrote:
The following traceroute seems to indicate, according to ARIN, that someone is running routers for spammers in the IANA Reserved netspace?
[SNIP]
8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms 10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms 11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!)
What's going on here?
Barry, 172.16.0.0/12 is part of RFC1918 space. There is no prohibition of addressing routers with these addresses, and in fact I do not know of a router that will route RFC1918 space differently than any other IP address. (Of course, you can put in filters, and many people do, but you can filter any addresses exactly the same way.) This is a perfectly legitimate use of RFC1918 space, as long as those hosts expect no connectivity outside their own network. Many people use RFC1918 on WAN links and whatnot to preserve their ARIN allocations for "real" hosts. Read the RFC for more info.
-Barry Shein
TTFN, patrick
I Am Not An Isp www.ianai.net "Think of it as evolution in action." - Niven & Pournelle
On Fri, 16 Oct 1998, tvo wrote:
Doesn't this break MTU path discovery though?
Yes. It breaks anything where ICMP messages have to get back to the origin system because it is perfectly legitimate (or necessary if they are used internally) for systems to filter ICMP from private address space. Note that if there is no MTU change at that point, there is no problem because there will never (well, almost never and the almost is dependent on having funky/broken routers) be any reason to be unable to fragment at that hop. As always, http://www.worldgate.com/~marcs/mtu/ for details on PMTU-D and why you break it and why you don't want to break it. This is _NOT_ just one of those odd theoretical problems but I have seen it in the real world (ATM <--> fast enet). I suspect that most people who have this problem don't know about it and could take a lot of convincing to understand it. It would appear, at first glance, that an option to configure your router to use a routed address (since most such routers have at least one routed address) for generating such ICMP would avoid the problem, at the expense of lying and the possible (human) confusion that could entail.
Somebody's router config is broken. This is the reserved /12 for enterprise addresses. I would look at whoever Alternet's bs-jackson customer is. At 05:11 PM 10/14/98 -0400, Barry Shein wrote:
The following traceroute seems to indicate, according to ARIN, that someone is running routers for spammers in the IANA Reserved netspace?
First a traceroute:
world% traceroute www.libidomax.com traceroute to www.libidomax.com (209.149.111.17), 30 hops max, 40 byte
packets
1 Boston-STD-F.std.com (199.172.62.80) 17 ms 4 ms 4 ms 2 553.Hssi2-0.GW2.BOS1.ALTER.NET (157.130.10.129) 59 ms 107 ms 69 ms 3 124.ATM3-0.XR1.BOS1.ALTER.NET (146.188.176.250) 77 ms 54 ms 37 ms 4 191.ATM2-0.TR1.NYC1.ALTER.NET (146.188.179.82) 38 ms 51 ms 51 ms 5 104.ATM7-0.TR1.ATL1.ALTER.NET (146.188.136.57) 80 ms 87 ms 133 ms 6 100.ATM7-0.XR1.ATL1.ALTER.NET (146.188.232.85) 91 ms 141 ms 63 ms 7 195.ATM10-0-0.GW1.JAX1.ALTER.NET (146.188.232.169) 53 ms 81 ms 107 ms 8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms 10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms 11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!)
Ok, now let's look up the 172.* addresses:
world% arin 172.17.80.46 IANA (IANA-BBLK-RESERVED) Internet Assigned Numbers Authority Information Sciences Institute University of Southern California 4676 Admiralty Way, Suite 1001 Marina del Rey, CA 90292-6695
Netname: IANA-BBLK-RESERVED Netblock: 172.16.0.0 - 172.31.0.0
Coordinator: Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org (310) 822-1511
Domain System inverse mapping provided by:
BLACKHOLE.ISI.EDU 128.9.64.26 NS2.INTERNIC.NET 198.41.0.11
and I get the same result of course for the other 172 address so I'll save you the redundant cut and paste.
What's going on here?
-- -Barry Shein
Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
On Wed, 14 Oct 1998, Barry Shein wrote:
The following traceroute seems to indicate, according to ARIN, that someone is running routers for spammers in the IANA Reserved netspace?
Nope.
8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms 10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms 11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!)
Looks to me like BellSouth is using rfc-1918 private IP space for some of their routers. Possible reasons are conservation of address space and that it makes it difficult to directly access these routers from outside their network. I have heard of people doing temporary bogus route announcements and running spam servers from someone else's or unallocated IP space...but I don't think I've ever seen it first hand. Sadly, both my upstreams have really tight BGP filters, so I don't get to play any of these games. :) ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or Network Administrator | drawn and quartered...whichever Florida Digital Turnpike | is more convenient. ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
On Wed, 14 Oct 1998, Barry Shein wrote: | | The following traceroute seems to indicate, according to ARIN, that | someone is running routers for spammers in the IANA Reserved netspace? | You are mis-reading this because the 172 addresses are not routeable. In a traceroute, a router can say that it is any IP address it likes, but that does not mean that you can traceroute to 172.x.y.z... It just means that the routers are most likely using those IP addresses for private interconnect | First a traceroute: | | >world% traceroute www.libidomax.com | >traceroute to www.libidomax.com (209.149.111.17), 30 hops max, 40 byte packets | > 1 Boston-STD-F.std.com (199.172.62.80) 17 ms 4 ms 4 ms | > 2 553.Hssi2-0.GW2.BOS1.ALTER.NET (157.130.10.129) 59 ms 107 ms 69 ms | > 3 124.ATM3-0.XR1.BOS1.ALTER.NET (146.188.176.250) 77 ms 54 ms 37 ms | > 4 191.ATM2-0.TR1.NYC1.ALTER.NET (146.188.179.82) 38 ms 51 ms 51 ms | > 5 104.ATM7-0.TR1.ATL1.ALTER.NET (146.188.136.57) 80 ms 87 ms 133 ms | > 6 100.ATM7-0.XR1.ATL1.ALTER.NET (146.188.232.85) 91 ms 141 ms 63 ms | > 7 195.ATM10-0-0.GW1.JAX1.ALTER.NET (146.188.232.169) 53 ms 81 ms 107 ms | > 8 bs-jackson-gw.customer.alter.net (157.130.65.226) 107 ms 132 ms 96 ms | > 9 172.17.80.46 (172.17.80.46) 59 ms 53 ms 44 ms | >10 172.21.210.18 (172.21.210.18) 122 ms 96 ms 49 ms | >11 209.149.111.17 (209.149.111.17) 53 ms (ttl=118!) 58 ms (ttl=118!) 150 ms (ttl=118!) | | | | Ok, now let's look up the 172.* addresses: | | >world% arin 172.17.80.46 | >IANA (IANA-BBLK-RESERVED) | > Internet Assigned Numbers Authority | > Information Sciences Institute | > University of Southern California | > 4676 Admiralty Way, Suite 1001 | > Marina del Rey, CA 90292-6695 | > | > Netname: IANA-BBLK-RESERVED | > Netblock: 172.16.0.0 - 172.31.0.0 | > | > Coordinator: | > Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org | > (310) 822-1511 | > | > Domain System inverse mapping provided by: | > | > BLACKHOLE.ISI.EDU 128.9.64.26 | > NS2.INTERNIC.NET 198.41.0.11 | | and I get the same result of course for the other 172 address so I'll | save you the redundant cut and paste. | | What's going on here? | | -- | -Barry Shein | | Software Tool & Die | bzs@world.std.com | http://www.world.com | Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD | The World | Public Access Internet | Since 1989 *oo* | --- "Microsoft is to quality software what McDonalds is to gourmet cooking"
On Wed, 14 Oct 1998, Chris Cappuccio wrote:
On Wed, 14 Oct 1998, Barry Shein wrote:
| | The following traceroute seems to indicate, according to ARIN, that | someone is running routers for spammers in the IANA Reserved netspace? |
You are mis-reading this because the 172 addresses are not routeable. In a traceroute, a router can say that it is any IP address it likes, but that does not mean that you can traceroute to 172.x.y.z... It just means that the routers are most likely using those IP addresses for private interconnect
Yea, well, just 'cause it isn't routable doesn't mean people won't advertise it. I see that Sprint is still winning the bogus route advertisements war with: 1.1.1/30 1.1.1.4/30 1.1.1.8/30 1.1.1.12/30 1.1.1.16/30 1.1.1.20/30 1.1.1.24/30 2.52.228.144 Funny how when someone starts a bogus advertisement it is almost always sprint or a sprint customer.
participants (7)
-
Barry Shein -
Chris Cappuccio -
I Am Not An Isp -
Jon Lewis -
Marc Slemko -
tvo -
William S. Duncanson