69/8 revisited

2003-03-28 Thread jlewis 

I've setup a little web site with the results of my ping sweep to attempt 
to locate as many networks as possible with outdated bogon filters.

http://69box.atlantic.net/

If you can't reach that, fix your network...or use the alternative 
non-69/8 hostname http://not69box.atlantic.net/

Number of IP's currently known to have 69/8 filter issues: 683
Number of /24 networks's currently known to have 69/8 filter issues: 511

Check out the site and see if you recognize any of the IPs.  You can 
test/remove IPs if they've become reachable, or test/add IPs if they have 
69/8 filter issues.

--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re 7/8 - was Re: 69/8 revisited

2003-03-28 Thread John Palmer 

Speaking of that, has 7/8 been allocated? Doesn't show it on IANA's list but
I saw several routes come in (7.1/16 comes to mind) a few days ago. 

- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 28, 2003 12:36
Subject: 69/8 revisited


 
 I've setup a little web site with the results of my ping sweep to attempt 
 to locate as many networks as possible with outdated bogon filters.
 
 http://69box.atlantic.net/
 
 If you can't reach that, fix your network...or use the alternative 
 non-69/8 hostname http://not69box.atlantic.net/
 
 Number of IP's currently known to have 69/8 filter issues: 683
 Number of /24 networks's currently known to have 69/8 filter issues: 511
 
 Check out the site and see if you recognize any of the IPs.  You can 
 test/remove IPs if they've become reachable, or test/add IPs if they have 
 69/8 filter issues.
 
 --
  Jon Lewis [EMAIL PROTECTED]|  I route
  System Administrator|  therefore you are
  Atlantic Net|  
 _ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Re 7/8 - was Re: 69/8 revisited

2003-03-28 Thread Haesu 

Seems  like 7/8 was allocated to dept. of defense for quite a bit of
time..

OrgName:DoD Network Information Center
OrgID:  DNIC
Address:7990 Science Applications Ct
Address:M/S CV 50
City:   Vienna
StateProv:  VA
PostalCode: 22183-7000
Country:US

NetRange:   7.0.0.0 - 7.255.255.255
CIDR:   7.0.0.0/8
NetName:DISANET7
NetHandle:  NET-7-0-0-0-1
Parent:
NetType:Direct Allocation
Comment:Defense Information Systems Agency
Comment:DISA /D3
Comment:11440 Isaac Newton Square
Comment:Reston, VA 22090-5087 US
RegDate:1997-11-24
Updated:1998-09-26

TechHandle: MIL-HSTMST-ARIN
TechName:   Network DoD, Network
TechPhone:  +1-703-676-1051
TechEmail:  [EMAIL PROTECTED]

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD, Network
OrgTechPhone:  +1-703-676-1051
OrgTechEmail:  [EMAIL PROTECTED]

On Fri, 28 Mar 2003, John Palmer wrote:


 Speaking of that, has 7/8 been allocated? Doesn't show it on IANA's list but
 I saw several routes come in (7.1/16 comes to mind) a few days ago.

 - Original Message -
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, March 28, 2003 12:36
 Subject: 69/8 revisited


 
  I've setup a little web site with the results of my ping sweep to attempt
  to locate as many networks as possible with outdated bogon filters.
 
  http://69box.atlantic.net/
 
  If you can't reach that, fix your network...or use the alternative
  non-69/8 hostname http://not69box.atlantic.net/
 
  Number of IP's currently known to have 69/8 filter issues: 683
  Number of /24 networks's currently known to have 69/8 filter issues: 511
 
  Check out the site and see if you recognize any of the IPs.  You can
  test/remove IPs if they've become reachable, or test/add IPs if they have
  69/8 filter issues.
 
  --
   Jon Lewis [EMAIL PROTECTED]|  I route
   System Administrator|  therefore you are
   Atlantic Net|
  _ http://www.lewis.org/~jlewis/pgp for PGP public key_

69/8 revisited

2003-03-19 Thread Rick Ernst 



We were just allocated a /17 out of 69/8.  With all off the recent traffic on
69/8 reachability problems, I asked ARIN if the allocation could come from a
different block.

Their answer was basically that 69/8 (only) is where they are allocating from
and that from reading NANOG, it appears that much of the problem has been
resolved.

I haven't seen any updated information that 69/8 is now working for people.
Is everyone just quiet about it, or have filters actually been updated making
this a non-issue?

Thanks,
Rick

Re: 69/8 revisited

2003-03-19 Thread Jared Mauch 

On Wed, Mar 19, 2003 at 09:42:46AM -0800, Rick Ernst wrote:
 We were just allocated a /17 out of 69/8.  With all off the recent traffic on
 69/8 reachability problems, I asked ARIN if the allocation could come from a
 different block.
 
 Their answer was basically that 69/8 (only) is where they are allocating from
 and that from reading NANOG, it appears that much of the problem has been
 resolved.
 
 I haven't seen any updated information that 69/8 is now working for people.
 Is everyone just quiet about it, or have filters actually been updated making
 this a non-issue?

i'm in the midst of writting a brief article about 69/8
reachability that i inted to post on /. and as a result hopefully
it will become a more publically visible issue as places like
news.google pick up /. articles.  If you have a server that is
in 69/8 that you want referenced by it, perhaps a test machine
saying your network appears to be working ok that you want listed
let me know.

I also am going to allow people to submit urls for a wall
of shame that still show 69/8 (amongst others) as something to block.
obviously we won't accept messages to mailing lists that are older
but anyones current use these filters to help secure your network
pages should get listed.

I encourage people who find networks that are blocking
69/8 that you get them to fix to ask them if they continue to
use such filtering to subscribe to Rob's bogon-announce list
that is hosted on my machine.

http://puck.nether.net/mailman/listinfo/bogon-announce

- jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: 69/8 revisited

2003-03-19 Thread jlewis 

On Wed, 19 Mar 2003, Rick Ernst wrote:

 Their answer was basically that 69/8 (only) is where they are allocating from
 and that from reading NANOG, it appears that much of the problem has been
 resolved.

I wonder what they based that ASSumption on?

The thread just sort of died...and now you've revived it.

 I haven't seen any updated information that 69/8 is now working for people.
 Is everyone just quiet about it, or have filters actually been updated making
 this a non-issue?

I've been busy with other things, so I haven't been able to spend as much
time on my 69/8 reachability project as I did the first few days.  I still
have a list of about 700 destinations reachable from 209.208/17 but not
from 69/8.  That's down from about 1000 when I did the first ping sweep.  
I know I've personally gotten half a dozen or so networks to update their
filtering.  I've also had several messages apparently go ignored (1 week
with no response and no filter update), two of which are US military
/16's.

A bunch of the remaining affected networks are in other countries where 
I'm afraid language is going to be a barrier.  This issue will likely 
never be entirely resolved.  Just hope your customers don't care about 
reaching the remaining affected networks.
 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: 69/8 revisited

2003-03-19 Thread Scott Granados 

I've definitely noticed the steady decline in complaints in reachability.  I
think though at some point it will be resolved, after all all the other
blocks got squared away it seems, or is that an incorrect assumption?


- Original Message -
From: [EMAIL PROTECTED]
To: Rick Ernst [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 10:26 AM
Subject: Re: 69/8 revisited



 On Wed, 19 Mar 2003, Rick Ernst wrote:

  Their answer was basically that 69/8 (only) is where they are allocating
from
  and that from reading NANOG, it appears that much of the problem has
been
  resolved.

 I wonder what they based that ASSumption on?

 The thread just sort of died...and now you've revived it.

  I haven't seen any updated information that 69/8 is now working for
people.
  Is everyone just quiet about it, or have filters actually been updated
making
  this a non-issue?

 I've been busy with other things, so I haven't been able to spend as much
 time on my 69/8 reachability project as I did the first few days.  I still
 have a list of about 700 destinations reachable from 209.208/17 but not
 from 69/8.  That's down from about 1000 when I did the first ping sweep.
 I know I've personally gotten half a dozen or so networks to update their
 filtering.  I've also had several messages apparently go ignored (1 week
 with no response and no filter update), two of which are US military
 /16's.

 A bunch of the remaining affected networks are in other countries where
 I'm afraid language is going to be a barrier.  This issue will likely
 never be entirely resolved.  Just hope your customers don't care about
 reaching the remaining affected networks.

 --
  Jon Lewis [EMAIL PROTECTED]|  I route
  System Administrator|  therefore you are
  Atlantic Net|
 _ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: 69/8 revisited

2003-03-19 Thread jlewis 

On Wed, 19 Mar 2003, Scott Granados wrote:

 I've definitely noticed the steady decline in complaints in reachability.  I
 think though at some point it will be resolved, after all all the other
 blocks got squared away it seems, or is that an incorrect assumption?

I'd bet they're not all resolved...just mostly to the point that nobody 
cares.  Does anyone have a traceroute web page from another (not 69/8) 
block that recently went from reserved to RIR allocated?  I'd be 
interesting to see how many of the 69/8 unreachable IPs are unreachable 
from other reserved-RIR allocated blocks.

By the end of the week, I expect to have a system setup (big system with
lots of available bandwidth) where people can do simultaneous traceroutes
from 69 and !69 IPs and see the results side by side.  I've got this now
on my workstation and have included a link to it in most of the filter
update request messages I've sent, but I don't want all of nanog (much
less /.) hitting my workstation.  I also plan to put the reachability
database on that system and make the unreachable IPs viewable.
 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: 69/8 revisited

2003-03-19 Thread Stephen Sprunk 

Thus spake [EMAIL PROTECTED]
 On Wed, 19 Mar 2003, Scott Granados wrote:
 I'd bet they're not all resolved...just mostly to the point that nobody
 cares.  Does anyone have a traceroute web page from another (not 69/8)
 block that recently went from reserved to RIR allocated?  I'd be
 interesting to see how many of the 69/8 unreachable IPs are unreachable
 from other reserved-RIR allocated blocks.

I'm wondering if there's something special about 69/8...  I can't recall
this sort of discussion for 61/8 through 68/8, at least after CIDR in the
former Class A space was initially validated.

S

Stephen Sprunk God does not play dice.  --Albert Einstein
CCIE #3723 God is an inveterate gambler, and He throws the
K5SSSdice at every possible opportunity. --Stephen Hawking

Re: 69/8 revisited

2003-03-19 Thread jlewis 

On Wed, 19 Mar 2003, Stephen Sprunk wrote:

 I'm wondering if there's something special about 69/8...  I can't recall
 this sort of discussion for 61/8 through 68/8, at least after CIDR in the
 former Class A space was initially validated.

For a very interesting comparison, do groups.google.com searches for 
69.0.0.0/8 and then for 61.0.0.0/8.  While the first is several pages of 
hits saying to block 69.0.0.0/8 as a bogon, all the links for 61.0.0.0/8 
seem to suggest blocking that /8 due to spam.
 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

RE: 69/8 revisited

2003-03-19 Thread McBurnett, Jim 

look at the location too... 61/8 is APNIC and 69 ARIN..

J

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 5:02 PM
To: Stephen Sprunk
Cc: Scott Granados; Rick Ernst; North American Noise and Off-topic
Gripes
Subject: Re: 69/8 revisited



On Wed, 19 Mar 2003, Stephen Sprunk wrote:

 I'm wondering if there's something special about 69/8...  I 
can't recall
 this sort of discussion for 61/8 through 68/8, at least 
after CIDR in the
 former Class A space was initially validated.

For a very interesting comparison, do groups.google.com searches for 
69.0.0.0/8 and then for 61.0.0.0/8.  While the first is 
several pages of 
hits saying to block 69.0.0.0/8 as a bogon, all the links for 
61.0.0.0/8 
seem to suggest blocking that /8 due to spam.
 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_