North American Network Operators Group
Re: Question on 220.127.116.11/8
On Sat, 14 Apr 2007, Jon R. Kibler wrote:
> CYMRU has 7/8 listed as a bogon: http://www.cymru.com/Documents/bogon-dd.html
Their list is no more "authoritative" than mine and I suspect they simply did not look into this netblock case before. Another bogon tracking
system http://www.cidr-report.org/#Bogons does not list it as a bogon even though it does see the same 18.104.22.168/24 announcement by Sprint.
I'm also curious to know why you think that Sprintlink is blackholing it?
In case you're wondering they do route this block, here is where my
11 sl-bb20-rly-12-0.sprintlink.net (22.214.171.124) 79.181 ms 76.106 ms 77.925 ms
12 sl-bb20-tuk-11-0.sprintlink.net (126.96.36.199) 97.675 ms 97.748 ms 98.021 ms
13 sl-bb21-tuk-15-0.sprintlink.net (188.8.131.52) 97.672 ms 97.579 ms 280.387 ms
14 sl-bb21-lon-14-0.sprintlink.net (184.108.40.206) 168.667 ms 169.151 ms 179.363 ms
15 sl-bb23-lon-14-0.sprintlink.net (220.127.116.11) 168.879 ms 168.922 ms 168.716 ms
16 sl-bb21-ams-3-0.sprintlink.net (18.104.22.168) 161.711 ms 161.816 ms 180.609 ms
17 sl-bb20-ham-14-0.sprintlink.net (22.214.171.124) 167.782 ms 167.884 ms 167.716 ms
18 sl-gw2-ham-0-0-0.sprintlink.net (126.96.36.199) 167.770 ms 167.928 ms 168.193 ms
19 * * *
Last hop is in Germany, which is a bit suspicious for a supposed US DoD block, but there are some military bases there after all...
Also there are some interesting messages about this netblock that one can find on the net, like say:
http://www.monkey.org/openbsd/archive/misc/0207/msg01215.html
http://irisheagle.blogspot.com/2006_03_01_irisheagle_archive.html
That said, it doesn't mean that the netblock is unused. Most likely it is
If that is the case and they started using it in the days of J Postel
with his permission, then it's not a bogon. Conflicting information at
ARIN and especially that their info was updated in 2006 leads me to believe that's the case. Add to it that I have several copies of old
DoD hosts table and they all list it as "EDN-TEMP", but what it refers
to and if the block should or should not still be in use I don't know.
Unfortunately all of this does not mean you should allow (or deny) traffic from 188.8.131.52/8, but it also does not mean that if you do see any traffic that it's necessarily unauthorized.