Re: rfc1918 ignorant (fwd)

2003-07-24 Thread Stephen J. Wilcox


On Wed, 23 Jul 2003, Haesu wrote:

 Well, if uBR showing RFC1918 address out on the traceroute is an issue, why not
 just reverse the way its configured?
 
 Put RFC1918 as secondary, and put the routable addr as primary. Either way, it
 should work w/o issues, right?

Hmm this could affect routing protocols which use the primary address.. 

 I know quite a few people who purposely put a non-routable IP (whether it be
 1918 or RIR-registered block) as primary on their interface, and use routable
 IP as secondary. Their reason for doing this is to somewhat hide their
 router's real interface IP from showing up in traceroute.. Well, it wouldn't 
 completely 'hide' it, but to a certain level of degree, it probably does...

Right but this one benefit doesn't make right the wrongs!

I guess one thing you could do (if you really wanted to implement hacks) is to 
use the rfc1918 space on your routers and then nat them to a global ip at your 
borders.. achieves all your goals anyhow (not that i'd recommend it ;)



Re: Cisco vulnerability and dangerous filtering techniques

2003-07-24 Thread bmanning

 
 Plus, who wouldn't give up the CLI for a candy-based
 interface that smiles at you?
 
 Pete.

you missed the :) there.

--bill  


RE: rfc1918 ignorant

2003-07-24 Thread McBurnett, Jim

Interesting.
Did any of you note last month or so that
Sprint US came out with a notice that they
are no longer going to route /30 ptp
subnets unless the customer specifically
asks for it?

Could that be why 10.x.y.z is showing up here?

Sprint??? you out there?


-Original Message-
From: Haesu [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 12:53 PM
To: Vinny Abello; [EMAIL PROTECTED]
Subject: Re: rfc1918 ignorant



Heh, check this out.

traceroute to 219.168.64.121 (219.168.64.121), 64 hops max, 44 byte packets
 1  216.93.161.1 (216.93.161.1)  0.532 ms  0.518 ms  0.405 ms
 2  66.7.159.33 (66.7.159.33)  0.796 ms  0.667 ms  0.543 ms
 3  gigabitethernet8-0-513.ipcolo1.SanFrancisco1.Level3.net (63.211.150.225)  0.541 ms  0.478 ms  0.834 ms
 4  gigabitethernet4-1.core1.SanFrancisco1.Level3.net (209.244.14.197)  0.547 ms  0.486 ms  0.530 ms
 5  so-4-0-0.mp2.SanFrancisco1.Level3.net (209.247.10.233)  0.741 ms  0.729 ms  0.731 ms
 6  so-2-0-0.mp2.SanJose1.Level3.net (64.159.0.218)  1.677 ms  1.510 ms  1.549 ms
 7  unknown.Level3.net (64.159.2.102)  1.864 ms  1.851 ms  1.875 ms
 8  sl-bb20-sj.sprintlink.net (209.245.146.142)  3.110 ms  3.831 ms  3.321 ms
 9  sl-bb22-sj-14-0.sprintlink.net (144.232.3.165)  7.127 ms  3.290 ms  3.331 ms
10  sl-bb20-tok-13-1.sprintlink.net (144.232.20.188)  113.739 ms  113.731 ms  113.874 ms
11  sl-gw10-tok-15-0.sprintlink.net (203.222.36.42)  114.400 ms  114.051 ms  114.067 ms
12  sla-bbtech-2-0.sprintlink.net (203.222.37.106)  114.207 ms  114.295 ms  114.340 ms
13  10.9.17.10 (10.9.17.10)  101.595 ms  101.580 ms  101.771 ms
14  10.0.13.2 (10.0.13.2)  119.025 ms  118.765 ms  118.833 ms
15  10.4.10.2 (10.4.10.2)  134.809 ms  134.536 ms  134.668 ms
16  10.3.10.130 (10.3.10.130)  134.526 ms  135.004 ms  135.701 ms
17  10.10.0.25 (10.10.0.25)  135.291 ms  134.899 ms  135.293 ms
18  10.10.0.3 (10.10.0.3)  122.515 ms  122.210 ms  121.779 ms
19  10.10.0.11 (10.10.0.11)  135.643 ms  135.144 ms  135.438 ms
20  10.10.3.4 (10.10.3.4)  121.721 ms  121.872 ms  122.603 ms
21  10.10.3.36 (10.10.3.36)  135.069 ms  134.956 ms  135.330 ms
22  10.10.3.107 (10.10.3.107)  121.906 ms  122.708 ms  122.076 ms
23  YahooBB219168064121.bbtec.net (219.168.64.121)  147.137 ms  146.039 ms  147.453 ms

-hc

-- 
Sincerely,
  Haesu C.
  TowardEX Technologies, Inc.
  WWW: http://www.towardex.com
  E-mail: [EMAIL PROTECTED]
  Cell: (978) 394-2867
On Wed, Jul 23, 2003 at 09:07:51AM -0400, Vinny Abello wrote:
 
 Heh... Check out Comcast. A large part of their network uses rfc1918:
 
   2    16 ms     9 ms    10 ms  10.110.168.1
   3    15 ms    10 ms    11 ms  172.30.116.17
   4    10 ms    13 ms    10 ms  172.30.116.50
   5    14 ms    12 ms    26 ms  172.30.112.123
   6    10 ms    14 ms    23 ms  172.30.110.105
 
 At 08:48 AM 7/23/2003, you wrote:
 
 
 Is there a site to report networks/isps that still leak rfc1918 space?
 By leaking I not only mean don't filter, but actually _use_ in their
 network?
 
 If someone is keeping a list, feel free to add ServerBeach.com. All
 traceroutes to servers housed there, pass by 10.10.10.3.
 
 traceroute to www.serverbeach.com
 ...
 20. 64-132-228-70.gen.twtelecom.net
 21. 10.10.10.3
 22. 66.139.72.12
 
 Kind Regards,
 Frank Louwers
 
 --
 Openminds bvbawww.openminds.be
 Tweebruggenstraat 16  -  9000 Gent  -  Belgium
 
 
 Vinny Abello
 Network Engineer
 Server Management
 [EMAIL PROTECTED]
 (973)300-9211 x 125
 (973)940-6125 (Direct)
 PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
 
 Tellurian Networks - The Ultimate Internet Connection
 http://www.tellurian.com (888)TELLURIAN
 
 There are 10 kinds of people in the world. Those who understand binary and 
 those that don't.



RE: rfc1918 ignorant

2003-07-24 Thread up


According to the notice they sent me on 7/1, this isn't supposed to take
effect until Aug 17th or 18th for existing customers, and they didn't
mention an option to specifically request that they not do this.
However, there was a link:

http://www.sprint.net/faq/serialip.html

That explains that you can keep using your ptp IP if you request it, but
in either case, they will no longer route their end of the IP.




James Smallacombe PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED]   http://3.am
=



Re: source filtering (Re: rfc1918 ignorant)

2003-07-24 Thread variable

On Wed, 23 Jul 2003, Jared Mauch wrote:

   I think you'll see more and more networks slowly over
 time move closer to bcp38.   

Is there anywhere that this is recorded?  It would be interesting to see 
what the actual state of play on implementation of BCP38 was.

 I believe that ATT is the only tier-1 provider that is in full
 compliance with this.

We've asked other tier-1's about BCP38 and were completely underwhelmed by
the response.  If you believe in the BCPs then I guess you just have to
vote with your feet and try to use transit providers which comply with 
them.  

We've been trying to get transit from ATT in London for a while now, but
they're obviously spending all their efforts on blocking RFC1918 traffic
rather than talking to prospective customers.  :-S

Rich



RE: rfc1918 ignorant

2003-07-24 Thread McBurnett, Jim

I have a friend who is in SprintLink as
a customer and he has VPN routers that this would take down...
He called and they will route it..
Also, I got an offlist reply from a network
services tech, and he said they would route if a 
customer requests it.

J




Re: rfc1918 ignorant

2003-07-24 Thread Petri Helenius


By the way, doesn't this break PMTU if the far end device has tunnels or such
which have lower MTU than on the p2p link? (because the packets would
be dropped by loose RPF external to sprintlink)

Pete






Re: rfc1918 ignorant (fwd)

2003-07-24 Thread Haesu

 
 Hmm this could affect routing protocols which use the primary address.. 
 

I haven't tried doing that with igp protocols.. But with BGP, it works and does
manage to bind itself to the working address. (Or if you are sourcing update
to loopback, that would be fine too)

 
 Right but this one benefit doesn't make right the wrongs!
 
 I guess one thing you could do (if you really wanted to implement hacks) is to 
 use the rfc1918 space on your routers and then nat them to a global ip at your 
 borders.. achieves all your goals anyhow (not that i'd recommend it ;)

The thing is... some people want to hide the IP of the interface that faces
their transit on the border router, as most /30 demarcation subnet is assigned
from the transit. And since they would run either bgp or static route between
the transit and their border router, it shouldn't break routing..

-hc

-- 
Sincerely,
  Haesu C.
  TowardEX Technologies, Inc.
  WWW: http://www.towardex.com
  E-mail: [EMAIL PROTECTED]
  Cell: (978) 394-2867


Re: rfc1918 ignorant

2003-07-24 Thread Haesu

 
 Interesting.
 Did any of you note last month or so that
 Sprint US came out with a notice that they
 are no longer going to route /30 ptp
 subnets unless the customer specifically
 asks for it?
 
 Could that be why 10.x.y.z is showing up here?

No. :)
12  sla-bbtech-2-0.sprintlink.net (203.222.37.106)  114.207 ms  114.295 ms  114.340 ms

In this example, bbtech (the one shown in example traceroute below) uses 1918
as transit space on their network. Looks cute though with so many 1918 hops
(heh, not that i recommend it!)


-hc

-- 
Sincerely,
  Haesu C.
  TowardEX Technologies, Inc.
  WWW: http://www.towardex.com
  E-mail: [EMAIL PROTECTED]
  Cell: (978) 394-2867

 
 Sprint??? you out there?
 
 
 -Original Message-
 From: Haesu [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 23, 2003 12:53 PM
 To: Vinny Abello; [EMAIL PROTECTED]
 Subject: Re: rfc1918 ignorant
 
 
 
 Heh, check this out.
 
 traceroute to 219.168.64.121 (219.168.64.121), 64 hops max, 44 byte packets
  1  216.93.161.1 (216.93.161.1)  0.532 ms  0.518 ms  0.405 ms
  2  66.7.159.33 (66.7.159.33)  0.796 ms  0.667 ms  0.543 ms
  3  gigabitethernet8-0-513.ipcolo1.SanFrancisco1.Level3.net (63.211.150.225)  0.541 ms  0.478 ms  0.834 ms
  4  gigabitethernet4-1.core1.SanFrancisco1.Level3.net (209.244.14.197)  0.547 ms  0.486 ms  0.530 ms
  5  so-4-0-0.mp2.SanFrancisco1.Level3.net (209.247.10.233)  0.741 ms  0.729 ms  0.731 ms
  6  so-2-0-0.mp2.SanJose1.Level3.net (64.159.0.218)  1.677 ms  1.510 ms  1.549 ms
  7  unknown.Level3.net (64.159.2.102)  1.864 ms  1.851 ms  1.875 ms
  8  sl-bb20-sj.sprintlink.net (209.245.146.142)  3.110 ms  3.831 ms  3.321 ms
  9  sl-bb22-sj-14-0.sprintlink.net (144.232.3.165)  7.127 ms  3.290 ms  3.331 ms
 10  sl-bb20-tok-13-1.sprintlink.net (144.232.20.188)  113.739 ms  113.731 ms  113.874 ms
 11  sl-gw10-tok-15-0.sprintlink.net (203.222.36.42)  114.400 ms  114.051 ms  114.067 ms
 12  sla-bbtech-2-0.sprintlink.net (203.222.37.106)  114.207 ms  114.295 ms  114.340 ms
 13  10.9.17.10 (10.9.17.10)  101.595 ms  101.580 ms  101.771 ms
 14  10.0.13.2 (10.0.13.2)  119.025 ms  118.765 ms  118.833 ms
 15  10.4.10.2 (10.4.10.2)  134.809 ms  134.536 ms  134.668 ms
 16  10.3.10.130 (10.3.10.130)  134.526 ms  135.004 ms  135.701 ms
 17  10.10.0.25 (10.10.0.25)  135.291 ms  134.899 ms  135.293 ms
 18  10.10.0.3 (10.10.0.3)  122.515 ms  122.210 ms  121.779 ms
 19  10.10.0.11 (10.10.0.11)  135.643 ms  135.144 ms  135.438 ms
 20  10.10.3.4 (10.10.3.4)  121.721 ms  121.872 ms  122.603 ms
 21  10.10.3.36 (10.10.3.36)  135.069 ms  134.956 ms  135.330 ms
 22  10.10.3.107 (10.10.3.107)  121.906 ms  122.708 ms  122.076 ms
 23  YahooBB219168064121.bbtec.net (219.168.64.121)  147.137 ms  146.039 ms  147.453 ms
 
 -hc
 
 -- 
 Sincerely,
   Haesu C.
   TowardEX Technologies, Inc.
   WWW: http://www.towardex.com
   E-mail: [EMAIL PROTECTED]
   Cell: (978) 394-2867
 On Wed, Jul 23, 2003 at 09:07:51AM -0400, Vinny Abello wrote:
  
  Heh... Check out Comcast. A large part of their network uses rfc1918:
  
   2    16 ms     9 ms    10 ms  10.110.168.1
   3    15 ms    10 ms    11 ms  172.30.116.17
   4    10 ms    13 ms    10 ms  172.30.116.50
   5    14 ms    12 ms    26 ms  172.30.112.123
   6    10 ms    14 ms    23 ms  172.30.110.105
  
  At 08:48 AM 7/23/2003, you wrote:
  
  
  Is there a site to report networks/isps that still leak rfc1918 space?
  By leaking I not only mean don't filter, but actually _use_ in their
  network?
  
  If someone is keeping a list, feel free to add ServerBeach.com. All
  traceroutes to servers housed there, pass by 10.10.10.3.
  
  traceroute to www.serverbeach.com
  ...
  20. 64-132-228-70.gen.twtelecom.net
  21. 10.10.10.3
  22. 66.139.72.12
  
  Kind Regards,
  Frank Louwers
  
  --
  Openminds bvbawww.openminds.be
  Tweebruggenstraat 16  -  9000 Gent  -  Belgium
  
  
  Vinny Abello
  Network Engineer
  Server Management
  [EMAIL PROTECTED]
  (973)300-9211 x 125
  (973)940-6125 (Direct)
  PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
  
  Tellurian Networks - The Ultimate Internet Connection
  http://www.tellurian.com (888)TELLURIAN
  
  There are 10 kinds of people in the world. Those who understand binary and 
  those that don't.
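
Added example, not part of any message in this thread: a Python check that parses Unix-style traceroute output, flags hops inside the three RFC 1918 blocks, and reports the public hop on either side of each private run, which is how the bbtech boundary is read off the trace above. The sample is a constructed excerpt of the traceroute quoted in the thread (wrapped lines left in on purpose); all function names are illustrative.

```python
import ipaddress
import re

# Only the three RFC 1918 blocks. ipaddress.is_private is broader
# (loopback, link-local, documentation ranges), so it is not used here.
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# "<hop>  <name> (<ipv4>)  <rtt> ms ..." as printed by Unix traceroute.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Constructed sample: hops 10-23 of the traceroute quoted in the thread,
# including the mail-client line wraps that split "ms" onto its own line.
SAMPLE = """\
traceroute to 219.168.64.121 (219.168.64.121), 64 hops max, 44 byte packets
10  sl-bb20-tok-13-1.sprintlink.net (144.232.20.188)  113.739 ms  113.731 ms
 113.874 ms
11  sl-gw10-tok-15-0.sprintlink.net (203.222.36.42)  114.400 ms  114.051 ms  114.067
 ms
12  sla-bbtech-2-0.sprintlink.net (203.222.37.106)  114.207 ms  114.295 ms  114.340
 ms
13  10.9.17.10 (10.9.17.10)  101.595 ms  101.580 ms  101.771 ms
14  10.0.13.2 (10.0.13.2)  119.025 ms  118.765 ms  118.833 ms
15  10.4.10.2 (10.4.10.2)  134.809 ms  134.536 ms  134.668 ms
16  10.3.10.130 (10.3.10.130)  134.526 ms  135.004 ms  135.701 ms
17  10.10.0.25 (10.10.0.25)  135.291 ms  134.899 ms  135.293 ms
18  10.10.0.3 (10.10.0.3)  122.515 ms  122.210 ms  121.779 ms
19  10.10.0.11 (10.10.0.11)  135.643 ms  135.144 ms  135.438 ms
20  10.10.3.4 (10.10.3.4)  121.721 ms  121.872 ms  122.603 ms
21  10.10.3.36 (10.10.3.36)  135.069 ms  134.956 ms  135.330 ms
22  10.10.3.107 (10.10.3.107)  121.906 ms  122.708 ms  122.076 ms
23  YahooBB219168064121.bbtec.net (219.168.64.121)  147.137 ms  146.039 ms  147.453
 ms
"""


def is_rfc1918(ip):
    """True if ip falls inside 10/8, 172.16/12 or 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_hops(text):
    """Return [(hop_number, name, ip)]; header and wrapped RTT lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(3))   # reject octets > 255
        except ValueError:
            continue
        hops.append((int(m.group(1)), m.group(2), m.group(3)))
    return hops


def private_runs(hops):
    """Group consecutive RFC 1918 hops and record the public hops around them."""
    runs, current, last_public = [], None, None
    for num, name, ip in hops:
        if is_rfc1918(ip):
            if current is None:
                current = {"first_hop": num, "entered_after": last_public,
                           "addresses": []}
            current["last_hop"] = num
            current["addresses"].append(ip)
        else:
            if current is not None:
                current["exited_to"] = name
                runs.append(current)
                current = None
            last_public = name
    if current is not None:            # trace ended inside private space
        current["exited_to"] = None
        runs.append(current)
    return runs


if __name__ == "__main__":
    for run in private_runs(parse_hops(SAMPLE)):
        print("hops %d-%d use RFC 1918 space (%d addresses), after %s, before %s"
              % (run["first_hop"], run["last_hop"], len(run["addresses"]),
                 run["entered_after"], run["exited_to"]))
```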



Re: source filtering (Re: rfc1918 ignorant)

2003-07-24 Thread Jared Mauch

On Thu, Jul 24, 2003 at 01:44:33PM +0100, [EMAIL PROTECTED] wrote:
 On Wed, 23 Jul 2003, Jared Mauch wrote:
 
  I think you'll see more and more networks slowly over
  time move closer to bcp38.   
 
 Is there anywhere that this is recorded?  It would be interesting to see 
 what the actual state of play on implementation of BCP38 was.

I can speak about the networks that I operate
with regards to this:

AS2914 performs source filtering on a significant number
of our customers.  This coverage is not 100%, and sometimes is only
the 'loose' rpf check, but there are a significant number of customers
that have the strict rpf check that was enabled some time ago
without any problems  (we watched counters for drops, and looked at
the packets that were dropped to determine if there was some
asymmetrical routing going on).  It was shocking how many t1 customers
that had a /28 or similar routed to them were spoofing address space
outside of the continent.

I am personally trying to insure that our IPv6 infrastructure
begins with filtering in place instead of adding it on later
as an afterthought.

  I believe that ATT is the only tier-1 provider that is in full
  compliance with this.
 
 We've asked other tier-1's about BCP38 and were completely underwhelmed by
 the response.  If you believe in the BCPs then I guess you just have to
 vote with your feet and try to use transit providers which comply with 
 them.  

Well, i'm sure that some providers face the challenges
that some of the older router hardware can't do linerate filtering
for unicast-rpf.  It's sometimes difficult to get this stuff out
of the network as management wants to extend the lifetime of
working hardware as long as possible to reduce capital expenditures.

network security vs budgets.. /sigh.

- jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
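
Added example, not part of any message in this thread and not any vendor's implementation: a small Python model of the strict and loose unicast-RPF checks discussed above, with per-interface drop counters of the kind one would watch before enforcing strict mode. The FIB, interface names and packets are constructed (documentation prefixes plus one 10/8 source from the traceroute in the thread); treating the default route as not satisfying the loose check is an assumption of this model.

```python
import ipaddress
from collections import Counter


class Fib:
    """Minimal forwarding table with longest-prefix match."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, ip, use_default=True):
        addr = ipaddress.ip_address(ip)
        best = None
        for net, ifc in self.routes:
            if addr not in net:
                continue
            if net.prefixlen == 0 and not use_default:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifc)
        return best


def urpf(fib, src, in_ifc, mode):
    """Return True if a packet with source src arriving on in_ifc passes."""
    if mode == "strict":
        # Best route back to the source must point out the arrival interface.
        best = fib.lookup(src)
        return best is not None and best[1] == in_ifc
    if mode == "loose":
        # Any route to the source is enough; the default route does not count
        # (assumption of this model), otherwise nothing would ever be dropped.
        return fib.lookup(src, use_default=False) is not None
    raise ValueError("mode must be 'strict' or 'loose'")


def drop_counters(fib, packets, mode):
    """Per-interface drop counts for a list of (in_ifc, src) packets."""
    drops = Counter()
    for in_ifc, src in packets:
        if not urpf(fib, src, in_ifc, mode):
            drops[in_ifc] += 1
    return dict(drops)


# Constructed FIB of a provider edge router.
FIB = Fib([
    ("198.51.100.16/28", "cust-t1"),  # /28 routed to a single-homed T1 customer
    ("203.0.113.0/24", "core"),       # multihomed customer; best path is via core
    ("192.0.2.0/24", "core"),         # somebody else's network
    ("0.0.0.0/0", "core"),            # default route
])

# Constructed packets: (arrival interface, source address).
PACKETS = [
    ("cust-t1", "198.51.100.18"),   # legitimate source inside the routed /28
    ("cust-t1", "192.0.2.77"),      # source that belongs to another network
    ("cust-mh", "203.0.113.9"),     # legitimate but asymmetric (multihomed)
    ("cust-t1", "10.9.17.10"),      # RFC 1918 source, no specific route
    ("peer", "198.51.100.129"),     # ICMP from an unrouted point-to-point address
]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, drop_counters(FIB, PACKETS, mode))
```

In this model loose mode lets the source from another network through and drops only sources with no route at all, which includes the unrouted point-to-point address raised in the PMTU question earlier in the thread; strict mode also drops the asymmetric multihomed customer, the case the drop counters are there to reveal before enforcement.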


RE: rfc1918 ignorant (fwd)

2003-07-24 Thread Darren Bolding

Unfortunately, the vast majority of Cable modems use the private (CM
or Docsis) MAC address for management and present the primary (CPE)
MAC address to attached equipment.

E.G.- a cable provider has two DHCP scopes configured- a.b.c.d (RFC
1918) and w.x.y.z (Public Space).  In Cisco land at least, the CMTS is
configured with cable-helper which relays the CM MAC address to the
DHCP server from the primary address of the Cable Interface and the CPE
MAC Address is relayed from the secondary address of the Cable
Interface.

The CM interface is used for management of the system and such- a key
example is to transfer the DOCSIS configuration file which does things
such as setting rate limits, QoS parameters and lots of other parameters
dreamt up by cable-labs.  

The utility of this design is something I will choose to avoid
commenting on at this time.

--D

--
--  Darren Bolding

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Haesu
 Sent: Wednesday, July 23, 2003 5:10 PM
 To: [EMAIL PROTECTED]
 Subject: Re: rfc1918 ignorant (fwd)
 
 
 
 Well, if uBR showing RFC1918 address out on the traceroute is 
 an issue, why not just reverse the way its configured?
 
 Put RFC1918 as secondary, and put the routable addr as 
 primary. Either way, it should work w/o issues, right?
 
 I know quite a few people who purposely put a non-routable IP 
 (whether it be 1918 or RIR-registered block) as primary on 
 their interface, and use routable IP as secondary. Their 
 reason for doing this is to somewhat hide their router's 
 real interface IP from showing up in traceroute.. Well, it wouldn't 
 completely 'hide' it, but to a certain level of degree, it 
 probably does...
 
 -hc
 
 -- 
 Sincerely,
   Haesu C.
   TowardEX Technologies, Inc.
   WWW: http://www.towardex.com
   E-mail: [EMAIL PROTECTED]
   Cell: (978) 394-2867
 
 On Wed, Jul 23, 2003 at 07:21:25PM -0400, Jeff Wasilko wrote:
  
  On Wed, Jul 23, 2003 at 06:03:13PM -0400, Daniel Senie wrote:
   At 02:11 PM 7/23/2003, Dave Temkin wrote:
   
   2003 7:07 AM:]
Comcast and many others seem to
blithely ignore this for convenience sake. (It's not like they 
need a huge amount of space to give private addresses to these 
links.)
   
   ARIN required cable operators to use RFC 1918 space for the 
   management agents of the bridge cable modems that have 
 been rolled 
   out to the millions of residential cable modem 
 customers.  Doing so 
   obviously requires a 1918 address on the cable router, 
 but Cisco's 
   implementation requires that address to be the primary interface 
   address.  There is also a publicly routable secondary 
 which in fact 
   is the gateway address to the customer, but isn't the address 
   returned in a traceroute.  Cisco has by far the lead in market 
   share of the first gen Docsis cable modem router market so any 
   trace to a cable modem customer is going to show this.
   
   When MediaOne (remember them?) deployed the cable modems here 
   (LanCity
   stuff, originally), traceroutes did NOT show the 10/8 
 address from the 
   router at the head end. ATT bought MediaOne, and now 
 we've got Comcast. The 
   service quality has stayed low, and the price has jumped 
 quite a bit, and 
   somewhere along the line a change happened and the 10/8 
 address of the 
   router did start showing up. Now it's possible the router 
 in the head end 
   got changed and that was the cause. I really don't know.
  
  That's exactly what happened. The Lancity equipment were 
 bridges, so 
  you never saw them in traceroutes. The head-end bridges were 
  aggregated into switches which were connected to routers.
  
  The Cisco uBR is a router, so you see the cable interface (which is 
  typically rfc1918 space) showing up in traceroutes from the 
 CPE out. 
  Note that you don't see it on traceroutes towards the CPE since you 
  see the 'internet facing' interface on the uBR.
  
  -j
 
 




Qwest in Albany, GA

2003-07-24 Thread Vincent J. Bono

Is there anyone collocated with Qwest in Albany, GA?  If so reply to me
off-list?

Thanks!

-Vin






anyone from insightbb.com on the list?

2003-07-24 Thread Drew Weaver

NT.

-Drew



Carriers using CES in the wild?

2003-07-24 Thread Dave Temkin

Is anyone aware of any carriers that are using CES as a transport method
as private line and aren't necessarily selling it as such?  (ie, I've
ordered a DS-3 from point A to point B, and instead of the carrier
dropping it as standard TDM it's CES through their network...)

Thanks,

-- 
David Temkin


Elan.net/Bizcom/William/Scam

2003-07-24 Thread Mike Jones





William you have 2 /19's (64.68.0.0/19 and
216.151.192.0/19) i would like to see why you do ? There
is no elan.net in 411 or ca biz directory. Are you the
king of hijacked website makers a Hijacker yourself? You put
kall8.com fake phone numbers on your arin poc's that go to
nowhere? I did an rdns scan and there is like NOTHING hosted on
EITHER of your /19's . 

Let's recap -NO phone numbers that work . no real
website www.biz1.com all phone
numbers for said company dead..all phone numbers even his
nextel number is dead for support. check out www.elan.net wow a blank page
with a cheap 1liner sounds like a legit isp to me with NO
TELEPHONE NUMBER ANYWHERE ON ANYTHING JUST A CHEEZY VOICEMAIL .
So william are you really william? I think the nanog community
deserves some REAL answers. 

Looks like you're hijacking ips yourself.

-DM



















Re: Carriers using CES in the wild?

2003-07-24 Thread Jared Mauch

On Thu, Jul 24, 2003 at 09:50:30PM -0400, Dave Temkin wrote:
 
 Is anyone aware of any carriers that are using CES as a transport method
 as private line and aren't necessarily selling it as such?  (ie, I've
 ordered a DS-3 from point A to point B, and instead of the carrier
 dropping it as standard TDM it's CES through their network...)

What you are speaking of is most likely what juniper
calls CCC.  L2 transport over their network.  Not too difficult to set up
but as usual the complications come in the realm of redundancy and
network reconvergence.

I'd pay close attention to the SLA offered, but it
is probably similar to what is seen in a TDM network if they
employ mpls fast reroute .. and if you're doing IP
over this circuit, you will probably be less likely to notice any
problems.

- Jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.


Re: Elan.net/Bizcom/William/Scam

2003-07-24 Thread Mike Jones



McBurnett, Jim writes: 

 Mike, 
 Have you sent this to ARIN? 
 Just Curious... 
 Jim 


Hiya Jim,

I CC'ed ARIN and Saavis on that post as well. 

-MD
















Re: Elan.net/Bizcom/William/Scam

2003-07-24 Thread Will Yardley

On Fri, Jul 25, 2003 at 03:27:55AM +, Mike Jones wrote:
 McBurnett, Jim writes:

  Mike,
  Have you sent this to ARIN?
  Just Curious...
  
 I CC'ed ARIN and Saavis on that post as well.

The ARIN handles for both networks appear to be valid.

While I'm not going to rise to the flamebait here (other than to say
that most of your statements appear to be incorrect), I would suggest
that you avoid posting in HTML format.

In addition, your message isn't really on topic for the list, and
may well be in violation of one or more points of the NANOG charter
(http://www.nanog.org/aup.html).

-- 
Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same...
(Sleater-Kinney - Combat Rock)