North American Network Operators Group
Re: 69/8...this sucks -- Centralizing filtering..
Monday, March 10, 2003, 9:52:06 AM, you wrote:

jlo> I think the only way that's relatively guaranteed to be effective is to
jlo> move a critical resource (like the gtld-servers) into new IP blocks when
jlo> previously reserved blocks are assigned to RIR's.

I agree with you. But then since I've been allocated 69/8 I guess you can say I'm a bit biased.

jlo> I still have a couple hundred thousand IPs to check (I'm going to step up
jlo> the pace and see if I can get through the list today), but I already have
jlo> a list of several hundred IPs in networks that ignore 69/8. The list
jlo> includes such networks as NASA, the US DoD, and networks in China, Russia,
jlo> and Poland. Those are just a few that I've done manual whois's for.

jlo> I haven't decided yet whether I'll send automated messages to all the
jlo> broken networks and give them time to respond and fix their filters, or
jlo> just post them all to NANOG when the list is complete.

jlo> Are people interested in seeing the full list (at least the ones I find)
jlo> of networks that filter 69/8?

Again, since I've been recently allocated in the 69/8 range, I'd love to see this completed list. We've only renumbered our internal workstations into this range, so no customer nets are affected as of yet. But we are about to plunge into our renumbering, so I'm sure customers are going to start yelling then.

However, I think this is going to be an ongoing problem, even if the gtld-servers were renumbered into 69/8. Do a simple Google search on IP firewalling. You'll find lots of examples using ipchains, iptables, etc., that show example configs. These example configs usually show 69/8 as a bogon network and recommend filtering it. So, in my opinion it's only going to be a matter of time before some network administrator looking to implement a firewall stumbles across one of these broken sample configs and breaks connectivity to me again.

In essence, it's going to be an ongoing problem. Sure, we can fix networks now that we know are broken, but it's going to be an ongoing problem that we are going to have to deal with.

Regards,

Joe Boyce
---
InterStar, Inc. - Shasta.com Internet
Phone: +1 (530) 224-6866 x105
Email: email@example.com
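
An added example, not part of the original message: a small audit that flags iptables rules dropping source prefixes which overlap address space that is no longer reserved, the stale-bogon failure the post describes. The rule text and the `ALLOCATED` list are constructed for illustration; only 69/8 is taken from the thread, and the function name is hypothetical.

```python
import ipaddress
import re

# Assumption: blocks known to be allocated. Only 69/8 comes from the thread;
# a real audit would load this from a current registry export.
ALLOCATED = [ipaddress.ip_network("69.0.0.0/8")]

# Constructed iptables-save style ruleset of the kind copied from old howtos.
SAMPLE_RULES = """\
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 69.0.0.0/8 -j DROP
-A INPUT -s 192.168.0.0/16 -j DROP
-A INPUT -s 69.4.0.0/255.255.0.0 -j REJECT
-A INPUT -s 64.0.0.0/5 -j DROP
-A INPUT -s 69.1.2.3 -p tcp --dport 22 -j ACCEPT
"""

# Source match followed by a blocking target on the same rule line.
RULE_RE = re.compile(
    r"(?<!\S)(?:-s|--source)\s+(\S+).*?\s(?:-j|--jump)\s+(DROP|REJECT)\b"
)


def stale_bogon_rules(rules_text, allocated=ALLOCATED):
    """Return (line_no, filtered_net, allocated_block, target) for every
    blocking rule whose source prefix overlaps an allocated block."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if "!" in line:          # negated matches need manual review; skip
            continue
        m = RULE_RE.search(line)
        if not m:
            continue
        try:
            # Accepts CIDR, dotted netmask, and bare host addresses.
            net = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:       # hostname or malformed source; not a prefix
            continue
        for block in allocated:
            # overlaps() also catches supernets (64/5) and subnets (69.4/16).
            if net.overlaps(block):
                findings.append((lineno, str(net), str(block), m.group(2)))
    return findings


if __name__ == "__main__":
    for lineno, net, block, target in stale_bogon_rules(SAMPLE_RULES):
        print(f"line {lineno}: {target} {net} overlaps allocated {block}")
```

The overlap test matters because a stale entry is not always written as the exact /8: an aggregate covering it or a more-specific inside it breaks reachability the same way.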