Re: Who is announcing bogons?
the fun part is watching the bgp announce/withdraws in unallocated space. (no matter what microsoft may have learned from their survey, most isp's don't seem to care which prefixes their bgp-speaking customers advertise.)
So which ISPs are confused? Bogons don't spontaneously occur in BGP. Some ASN must originate them, and ASNs must pass them to other ASNs. BGP helpfully includes the ASNs in the path.
geoff huston is the only person i know who's making formal progress on that question. i know from some zebra log files that iana's unallocated space gets advertised from time to time, then withdrawn. presumably an attack was launched during the announcement but i don't have any data showing this.
What should be done about ASNs which repeatedly announce false or unauthorized routes?
apparently, nothing. to the extent that peering is by agreement, the majority of such agreements now in force do not require the other party to route-filter their customers. which is funny, since they tend to drone on endlessly about the importance of a 24x7 NOC, which in operational practice, matters lots less. (btw, anybody signed a peering agreement which requires an abuse@ mailbox yet?)
On Tue, 29 Apr 2003, Paul Vixie wrote:
geoff huston is the only person i know who's making formal progress on that question. i know from some zebra log files that iana's unallocated space gets advertised from time to time, then withdrawn. presumably an attack was launched during the announcement but i don't have any data showing this.
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8. I don't know Mr. Manning's intentions, malicious or otherwise.
apparently, nothing. to the extent that peering is by agreement, the majority of such agreements now in force do not require the other party to route-filter their customers. which is funny, since they tend to drone on endlessly about the importance of a 24x7 NOC, which in operational practice, matters lots less.
I don't do peering anymore, but a peering agreement did include a paragraph concerning route filtering. Sorry, but it got translated by the lawyer along the way. "The parties shall use through the Interconnection Point only Autonomous System Numbers, Internet Protocol addresses, or other routing identifiers assigned or delegated in accordance with IANA, a mutually recognized address registry, or other mutually agreed procedure to the party or its customers. The parties will use reasonable efforts to screen routing identifiers not in compliance with this paragraph from distribution across the Interconnection Point." Of course, as you know, a peering agreement is about as enforceable as a ???? Well, I can't think of anything that unenforceable.
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years... net 39 was left in my care by my previous boss. --bill
On Tue, 29 Apr 2003 bmanning@karoshi.com wrote:
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years...
net 39 was left in my care by my previous boss.
The Cymru Team lists 39.0.0.0/8 as a bogon. It's a serious problem. Over the last two decades, records of address assignments have been lost. Yes, it's just a 32-bit number (or 16-bit number or 128-bit number). A missing registry record doesn't cause a problem, unless someone starts blackholing routes or reusing addresses. While I think many of the bogons are mistakes, and some are due to malicious activity; we need to recognize the limitations of our data sources. If people are going to start blackholing previously allocated address space, or sub-delegations, our data isn't that great. As the saying goes, you can't prove a negative. We can confirm a positive registration.
On Tue, 29 Apr 2003 bmanning@karoshi.com wrote:
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years...
net 39 was left in my care by my previous boss.
The Cymru Team lists 39.0.0.0/8 as a bogon.
yes they do.
It's a serious problem. Over the last two decades, records of address assignments have been lost. Yes, it's just a 32-bit number (or 16-bit number or 128-bit number). A missing registry record doesn't cause a problem, unless someone starts blackholing routes or reusing addresses.
yup. in addition to the missing records, we have folks who would like to re-write history by making changes to registry records without even basic checking in with the existing holders of the delegations.
While I think many of the bogons are mistakes, and some are due to malicious activity; we need to recognize the limitations of our data sources. If people are going to start blackholing previously allocated address space, or sub-delegations, our data isn't that great. As the saying goes, you can't prove a negative. We can confirm a positive registration.
you are correct, within limits. confirm with whom and when? --bill
net 39 was left in my care by my previous boss.
that time is past, and the purpose for which this was allocated was met, and you can return the block to IANA now.
yes, and it looks like nearly all the cruft that was put into play around that prefix is nearly gone. when it's well and truly dead, I'll be happy to turn it in. --bill
On Thu, 1 May 2003 bmanning@karoshi.com wrote:
net 39 was left in my care by my previous boss.
that time is past, and the purpose for which this was allocated was met, and you can return the block to IANA now.
yes, and it looks like nearly all the cruft that was put into play around that prefix is nearly gone. when it's well and truly dead, I'll be happy to turn it in.
If all the cruft is nearly gone, why is there a need to still announce 39.0.0.0/8? Can you perhaps explain what EP/IX needs to have 39.0.0.0/8 to be globally routed? Curious minds would like to know.
--bill
-Hank
On Thu, 1 May 2003 bmanning@karoshi.com wrote:
net 39 was left in my care by my previous boss.
that time is past, and the purpose for which this was allocated was met, and you can return the block to IANA now.
yes, and it looks like nearly all the cruft that was put into play around that prefix is nearly gone. when it's well and truly dead, I'll be happy to turn it in.
If all the cruft is nearly gone, why is there a need to still announce 39.0.0.0/8? Can you perhaps explain what EP/IX needs to have 39.0.0.0/8 to be globally routed? Curious minds would like to know.
who said it needs to be globally routed?
On Tue, 29 Apr 2003 bmanning@karoshi.com wrote:
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years...
net 39 was left in my care by my previous boss.
He left me 37/8, but the whois never got updated.

But seriously, 39/8 is listed as reserved and is in the bogon list.
http://www.cymru.com/Documents/bogon-dd.html
You might want to try getting things updated if 39 really belongs to someone.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  :)
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
At 05:21 PM 29-04-03 -0700, bmanning@karoshi.com wrote:
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years...
net 39 was left in my care by my previous boss.
If so then:
http://www.iana.org/assignments/ipv4-address-space
should be updated to reflect that. If RADB has:

route:      39.0.0.0/8
descr:      Exchange Point Networks
            PO 12317
            Marina del Rey, CA. 90295
            US
origin:     AS4554
mnt-by:     MNT-EPNET
changed:    bmanning@karoshi.com 20020401
source:     ARIN

then there should be some amount of congruence between IANA and RADB.

Incidentally, route-views shows only:

route-views.oregon-ix.net>sho ip bgp 39.0.0.0
BGP routing table entry for 39.0.0.0/8, version 3729
Paths: (1 available, best #1)
  Not advertised to any peer
  7500 2516 4554
    202.249.2.86 from 202.249.2.86 (210.173.176.242)
      Origin incomplete, localpref 100, valid, external, best

So we know JPNIC is not doing Bogon checking, while the 50+ others are doing Bogon filtering.
--bill
-Hank
At 05:21 PM 29-04-03 -0700, bmanning@karoshi.com wrote:
Looking at one log, the most persistent announcer of bogon space is AS 4554 (Bill Manning), Net 39.0.0.0/8.
I don't know Mr. Manning's intentions, malicious or otherwise.
as has been stated on this list several times over the past few years...
net 39 was left in my care by my previous boss.
If so then: http://www.iana.org/assignments/ipv4-address-space should be updated to reflect that.
It did reflect that and still should.
If RADB has:

route:      39.0.0.0/8
descr:      Exchange Point Networks
            PO 12317
            Marina del Rey, CA. 90295
            US
origin:     AS4554
mnt-by:     MNT-EPNET
changed:    bmanning@karoshi.com 20020401
source:     ARIN

then there should be some amount of congruence between IANA and RADB.
yupo..
participants (5)
- bmanning@karoshi.com
- Hank Nussbacher
- jlewis@lewis.org
- Paul Vixie
- Sean Donelan
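
The check the thread keeps circling (who originates a prefix, is it on a bogon list, and does the routing registry agree), as an added example that is not part of any poster's message. The router output and an abridged copy of the route object are the ones quoted in the thread; the bogon set, function names and result keys are constructed for illustration.

```python
import ipaddress
import re

# Constructed bogon set for illustration: 39.0.0.0/8 as the thread describes
# it in 2003, plus RFC 1918 space. Real lists change; do not hard-code them.
BOGONS = [ipaddress.ip_network(p) for p in
          ("10.0.0.0/8", "39.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Router output and (abridged) route object as quoted in the thread.
SHOW_IP_BGP = """\
BGP routing table entry for 39.0.0.0/8, version 3729
Paths: (1 available, best #1)
  Not advertised to any peer
  7500 2516 4554
    202.249.2.86 from 202.249.2.86 (210.173.176.242)
      Origin incomplete, localpref 100, valid, external, best
"""
ROUTE_OBJECT = """\
route:      39.0.0.0/8
origin:     AS4554
source:     ARIN
"""

def parse_bgp_entry(text):
    """Return (prefix, [as_path, ...]) from 'show ip bgp <prefix>' output."""
    m = re.search(r"routing table entry for (\S+),", text)
    prefix = ipaddress.ip_network(m.group(1))
    # An AS-path line consists solely of space-separated AS numbers.
    paths = [[int(a) for a in line.split()]
             for line in text.splitlines()
             if re.fullmatch(r"\s*\d+(\s+\d+)*\s*", line)]
    return prefix, paths

def parse_route_object(text):
    """Return (prefix, origin_asn) from an RPSL route object."""
    fields = dict(re.findall(r"^([\w-]+):\s*(.+)$", text, re.M))
    return ipaddress.ip_network(fields["route"]), int(fields["origin"][2:])

def audit(bgp_text, rpsl_text, bogons=BOGONS):
    """Check one announcement against the bogon set and the route object."""
    prefix, paths = parse_bgp_entry(bgp_text)
    reg_prefix, reg_origin = parse_route_object(rpsl_text)
    return {
        "prefix": str(prefix),
        # Non-empty means the prefix falls inside a listed bogon block.
        "bogon_match": [str(b) for b in bogons if prefix.subnet_of(b)],
        # The rightmost ASN in each path is the originator.
        "origins": sorted({p[-1] for p in paths}),
        "irr_consistent": reg_prefix == prefix and {p[-1] for p in paths} == {reg_origin},
    }
```

On the thread's own data the result is both a bogon match and an IRR-consistent origin, which is exactly the disagreement between data sources the posters are arguing about.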