Re: Out of Date Bogon Prefix
The code that Randy mentioned is part of an ARIN bogon testing initiative. ARIN funded this work and provided equipment to Randy to perform this testing. ARIN thanks Randy and those who worked with him for the effort in this area. ARIN will deploy this code as it continues its bogon testing efforts in the coming year. Nate Davis Chief Operations Officer ARIN Randy Bush wrote: Switching topics only slightly: Nick, do you have any data on what parts of the 'Net you can and cannot reach? Perhaps take a dump of route-views and ping some IPs in each ASN? Shouldn't be hard to script, and might yield useful data - both to you and the rest of us. tee hee. been there. done that. and for 173.0.0.0/20. paper submitted a month ago, but you saw a preso of the technique a year ago, see http://rip.psg.com/~randy/070604.nanog-bogons.pdf. arin has the code from us so they could put it into production if they so chose. randy
Re: Out of Date Bogon Prefix
Nick, I had experienced similar situation in last year. We evaluated our internet connectivity on application layer to explain our connectivity for our customer. I had presentation in JANOG21 (JApan Network Operators' Group 21th meeting) in January. JANOG i18n members translated my Japansese material. http://www.janog.gr.jp/en/index.php?JANOG21%20Programs#t4bc51ef
RE: Out of Date Bogon Prefix
Very helpful information. Thanks. Nick Downey -Original Message- From: Hiroyuki ASHIDA [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 1:51 PM To: [EMAIL PROTECTED] Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix Nick, I had experienced similar situation in last year. We evaluated our internet connectivity on application layer to explain our connectivity for our customer. I had presentation in JANOG21 (JApan Network Operators' Group 21th meeting) in January. JANOG i18n members translated my Japansese material. http://www.janog.gr.jp/en/index.php?JANOG21%20Programs#t4bc51ef
Re: Out of Date Bogon Prefix
Nick, You might want to take a closer look at who is really bogon filtering you. Emailing their upstream providers may not be the most effective method for getting endsites to update their bogon filters. They don't have to listen to us when we forward your note on. We can't force them to accept traffic from you or update their filters. As someone else pointed out, directly contacting the folks who are filtering you may be time consuming but typically draws the best results. I agree with the other comments that if you are going to use a form letter please provide more details about the IP's you are using and your ASN. Please also pass this on to your colleagues Eric and Kevin, who I've heard from lately :) --Heather ~*~*~*~*~*~*~*~*~*~*~*~ Heather Schiller Customer Security IP Address Management 1.800.900.0241 ~*~*~*~*~*~*~*~*~*~*~*~ Nick Downey wrote: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still exists on older Bogon lists many web providers are currently using. A Bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPN or other tunnels) should never have a source address in a Bogon range. These are commonly found as the source addresses of DDoS attacks. The IP scope referenced is a 173.x.x.x. This IP scope was on the Bogon list and was blocked by all websites using a Bogon prefix up until February of 2008, when it was released by IANA (Internet Assigned Numbers Authority) for public use and an updated Bogon prefix was provided. Mediacom customers that are within this IP range are not able to reach a website hosted by many organizations. Mediacom is individually requesting that these providers update their Bogon prefix to the most current version to resolve this issue immediately. We are requesting assistance from this community to make this issue known and to advise administrators to update to the most current Bogon list. We have provided some reference material that many may find helpful in resolving this issue. Bogons are defined as Martians (private and reserved addresses defined by http://www.ietf.org/rfc/rfc1918.txt RFC 1918 http://www.faqs.org/rfcs/rfc1918.html http://www.faqs.org/rfcs/rfc1918.html and http://www.ietf.org/rfc/rfc3330.txt RFC 3330 http://www.faqs.org/rfcs/rfc3330.html http://www.faqs.org/rfcs/rfc3330.html) and netblocks that have not been allocated to a regional internet registry (RIR) by the Internet Assigned Numbers Authority http://www.iana.org/ http://www.iana.org/. IANA maintains a convenient IPv4 summary page http://www.iana.org/assignments/ipv4-address-space http://www.iana.org/assignments/ipv4-address-space listing allocated and reserved netblocks. Please help to spread the word. Nick Downey Director Network Operations Center Mediacom Communications Main (800)308-6715 Secondary (515)267-1167 [EMAIL PROTECTED] LEGAL DISCLAIMER This E-mail and any attachments are strictly confidential and intended solely for the addressee. You must not disclose, forward or copy this E-mail or attachments to any third party without the prior consent of the sender or Mediacom Communications Corporation. If you are not the intended addressee please notify the sender by return E-mail and delete this E-mail and its attachments.
RE: Out of Date Bogon Prefix
That makes sense. I am working on updating our MP. Thanks. Nick -Original Message- From: Heather Schiller [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 3:13 PM To: Nick Downey Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix Nick, You might want to take a closer look at who is really bogon filtering you. Emailing their upstream providers may not be the most effective method for getting endsites to update their bogon filters. They don't have to listen to us when we forward your note on. We can't force them to accept traffic from you or update their filters. As someone else pointed out, directly contacting the folks who are filtering you may be time consuming but typically draws the best results. I agree with the other comments that if you are going to use a form letter please provide more details about the IP's you are using and your ASN. Please also pass this on to your colleagues Eric and Kevin, who I've heard from lately :) --Heather ~*~*~*~*~*~*~*~*~*~*~*~ Heather Schiller Customer Security IP Address Management 1.800.900.0241 ~*~*~*~*~*~*~*~*~*~*~*~ Nick Downey wrote: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still exists on older Bogon lists many web providers are currently using. A Bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPN or other tunnels) should never have a source address in a Bogon range. These are commonly found as the source addresses of DDoS attacks. The IP scope referenced is a 173.x.x.x. This IP scope was on the Bogon list and was blocked by all websites using a Bogon prefix up until February of 2008, when it was released by IANA (Internet Assigned Numbers Authority) for public use and an updated Bogon prefix was provided. Mediacom customers that are within this IP range are not able to reach a website hosted by many organizations. Mediacom is individually requesting that these providers update their Bogon prefix to the most current version to resolve this issue immediately. We are requesting assistance from this community to make this issue known and to advise administrators to update to the most current Bogon list. We have provided some reference material that many may find helpful in resolving this issue. Bogons are defined as Martians (private and reserved addresses defined by http://www.ietf.org/rfc/rfc1918.txt RFC 1918 http://www.faqs.org/rfcs/rfc1918.html http://www.faqs.org/rfcs/rfc1918.html and http://www.ietf.org/rfc/rfc3330.txt RFC 3330 http://www.faqs.org/rfcs/rfc3330.html http://www.faqs.org/rfcs/rfc3330.html) and netblocks that have not been allocated to a regional internet registry (RIR) by the Internet Assigned Numbers Authority http://www.iana.org/ http://www.iana.org/. IANA maintains a convenient IPv4 summary page http://www.iana.org/assignments/ipv4-address-space http://www.iana.org/assignments/ipv4-address-space listing allocated and reserved netblocks. Please help to spread the word. Nick Downey Director Network Operations Center Mediacom Communications Main (800)308-6715 Secondary (515)267-1167 [EMAIL PROTECTED] == == LEGAL DISCLAIMER == == This E-mail and any attachments are strictly confidential and intended solely for the addressee. You must not disclose, forward or copy this E-mail or attachments to any third party without the prior consent of the sender or Mediacom Communications Corporation. If you are not the intended addressee please notify the sender by return E-mail and delete this E-mail and its attachments. == ==
Re: Out of Date Bogon Prefix
Nick Downey wrote: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still [..] Please fix your mailer as it seems to be broken with respect to line-breaks and that makes reading very annoying. The IP scope referenced is a 173.x.x.x. This IP scope was on the Bogon list and was blocked by all If you really want the block you have to be debogonized it would be handy if you: - provide the full prefix, including prefix length, and not just x.x.x - reference to the whois entry - the ASN you are announcing this from - an IP address in that prefix that replies to at least ICMP echo requests with an ICMP echo response so that people can check for you if they can reach it. The people who care about these things would love to help you, but without proper information (173.0.0.0/8 is pretty big you know), that is very impossible, and why would they spend time on resolving your problem if you don't take the nice steps to provide proper information? Please also do some work on your side, and read up on: http://www.ris.ripe.net/debogon/ Greets, Jeroen PS: Most people here know what ARIN is and they also know what bogon routes are, repeating those terms is not very clueful ;) signature.asc Description: OpenPGP digital signature
RE: Out of Date Bogon Prefix
Will do. Thanks for the input. First time posting to this board. When I get everything together, should I just resend the entire email or just the information being requested? Nick Downey -Original Message- From: Jeroen Massar [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2008 12:37 PM To: Nick Downey Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix Nick Downey wrote: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still [..] Please fix your mailer as it seems to be broken with respect to line-breaks and that makes reading very annoying. The IP scope referenced is a 173.x.x.x. This IP scope was on the Bogon list and was blocked by all If you really want the block you have to be debogonized it would be handy if you: - provide the full prefix, including prefix length, and not just x.x.x - reference to the whois entry - the ASN you are announcing this from - an IP address in that prefix that replies to at least ICMP echo requests with an ICMP echo response so that people can check for you if they can reach it. The people who care about these things would love to help you, but without proper information (173.0.0.0/8 is pretty big you know), that is very impossible, and why would they spend time on resolving your problem if you don't take the nice steps to provide proper information? Please also do some work on your side, and read up on: http://www.ris.ripe.net/debogon/ Greets, Jeroen PS: Most people here know what ARIN is and they also know what bogon routes are, repeating those terms is not very clueful ;)
Re: Out of Date Bogon Prefix
On Tue, 05 Aug 2008 12:16:53 CDT, Nick Downey said: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still exists on older Bogon lists many web providers are currently using. Out of curiosity - what percentage of connectivity providers are both clued enough to be represented on NANOG and yet unclued enough to not understand the need to keep bogon filters up to date (even if you just get a BGP feed from Team Cymru)? (By the way, Nick - if what you sent NANOG was a form letter template, I'd lose a lot of the RFC references and point at Team Cymru's stuff instead)... pgpKvpp537vxs.pgp Description: PGP signature
RE: Out of Date Bogon Prefix
Thanks for the input. Currently, we are receiving 173.16.x.x /19 and /18, with plans to get additional IPs within the same range. ASN 6478 or 7018 - Through ATT You can test access to this network by ping this gateway: 173.16.28.1 Whois information: 173.16.28.1 Record Type:IP Address OrgName:Mediacom Communications Corp OrgID: MCC-244 Address:100 Crystal Run Rd. City: Middletown StateProv: NY PostalCode: 10941 Country:US ReferralServer: rwhois://rwhois.mediacomcc.com:4321 NetRange: 173.16.0.0 - 173.17.31.255 CIDR: 173.16.0.0/16, 173.17.0.0/19 NetName:MEDIACOM-RESIDENTIAL-CUST NetHandle: NET-173-16-0-0-1 Parent: NET-173-0-0-0-0 NetType:Direct Allocation NameServer: NS1.MCHSI.COM NameServer: NS2.MCHSI.COM Comment: RegDate:2008-05-19 Updated:2008-07-29 OrgTechHandle: JSE90-ARIN OrgTechName: Selvage, Joe OrgTechPhone: +1-845-695-2706 OrgTechEmail: [EMAIL PROTECTED] -Original Message- From: Jeroen Massar [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2008 12:37 PM To: Nick Downey Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix Nick Downey wrote: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still [..] Please fix your mailer as it seems to be broken with respect to line-breaks and that makes reading very annoying. The IP scope referenced is a 173.x.x.x. This IP scope was on the Bogon list and was blocked by all If you really want the block you have to be debogonized it would be handy if you: - provide the full prefix, including prefix length, and not just x.x.x - reference to the whois entry - the ASN you are announcing this from - an IP address in that prefix that replies to at least ICMP echo requests with an ICMP echo response so that people can check for you if they can reach it. The people who care about these things would love to help you, but without proper information (173.0.0.0/8 is pretty big you know), that is very impossible, and why would they spend time on resolving your problem if you don't take the nice steps to provide proper information? Please also do some work on your side, and read up on: http://www.ris.ripe.net/debogon/ Greets, Jeroen PS: Most people here know what ARIN is and they also know what bogon routes are, repeating those terms is not very clueful ;)
RE: Out of Date Bogon Prefix
Ya sure, like any of us would admit to 50% clue-ness. With all the posts here about bogons I would really be surprised that any nanog readers didn't know about keeping bogons updated. -- Tim Sanderson, network administrator [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2008 2:15 PM To: Nick Downey Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix On Tue, 05 Aug 2008 12:16:53 CDT, Nick Downey said: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still exists on older Bogon lists many web providers are currently using. Out of curiosity - what percentage of connectivity providers are both clued enough to be represented on NANOG and yet unclued enough to not understand the need to keep bogon filters up to date (even if you just get a BGP feed from Team Cymru)? (By the way, Nick - if what you sent NANOG was a form letter template, I'd lose a lot of the RFC references and point at Team Cymru's stuff instead)...
RE: Out of Date Bogon Prefix
Nick: Out of curiosity and considering your position in the NOC, does anyone else on your staff read this list regularly? Frank -Original Message- From: Nick Downey [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2008 12:44 PM To: 'Jeroen Massar' Cc: nanog@nanog.org Subject: RE: Out of Date Bogon Prefix Will do. Thanks for the input. First time posting to this board. When I get everything together, should I just resend the entire email or just the information being requested? Nick Downey
Re: Out of Date Bogon Prefix
On Aug 5, 2008, at 3:26 PM, Tim Sanderson wrote: Ya sure, like any of us would admit to 50% clue-ness. With all the posts here about bogons I would really be surprised that any nanog readers didn't know about keeping bogons updated. I'd be shocked it there were no people who read NANOG and misunderstood or blatantly ignored some of it. Unfortunately, that means they would ignore / misunderstand the OP's request. But there is probably a small percentage clueless enough to have stale bogon filters, but just clueful enough to realize what the OP said might apply to them. A very small percentage Switching topics only slightly: Nick, do you have any data on what parts of the 'Net you can and cannot reach? Perhaps take a dump of route-views and ping some IPs in each ASN? Shouldn't be hard to script, and might yield useful data - both to you and the rest of us. -- TTFN, patrick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2008 2:15 PM To: Nick Downey Cc: nanog@nanog.org Subject: Re: Out of Date Bogon Prefix On Tue, 05 Aug 2008 12:16:53 CDT, Nick Downey said: This is an heads-up from the Mediacom Network Operations Center about an issue we are seeing. We were recently given an IP scope from ARIN (American Registry for Internet Numbers) that still exists on older Bogon lists many web providers are currently using. Out of curiosity - what percentage of connectivity providers are both clued enough to be represented on NANOG and yet unclued enough to not understand the need to keep bogon filters up to date (even if you just get a BGP feed from Team Cymru)? (By the way, Nick - if what you sent NANOG was a form letter template, I'd lose a lot of the RFC references and point at Team Cymru's stuff instead)...
Re: Out of Date Bogon Prefix
On 6/08/2008, at 4:18 PM, Patrick W. Gilmore wrote: Switching topics only slightly: Nick, do you have any data on what parts of the 'Net you can and cannot reach? Perhaps take a dump of route-views and ping some IPs in each ASN? Shouldn't be hard to script, and might yield useful data - both to you and the rest of us. http://www.apricot.net/apricot2007/presentation/conference/plenary3-randy-bogon.pdf is probably of interest to you. Not sure if it's been published elsewhere, or if the work has been scripted and run recently. Perhaps a monthly update would be useful? -- Nathan Ward
Re: Out of Date Bogon Prefix
Switching topics only slightly: Nick, do you have any data on what parts of the 'Net you can and cannot reach? Perhaps take a dump of route-views and ping some IPs in each ASN? Shouldn't be hard to script, and might yield useful data - both to you and the rest of us. tee hee. been there. done that. and for 173.0.0.0/20. paper submitted a month ago, but you saw a preso of the technique a year ago, see http://rip.psg.com/~randy/070604.nanog-bogons.pdf. arin has the code from us so they could put it into production if they so chose. randy
Re: Out of Date Bogon Prefix
Perhaps a monthly update would be useful? we are running it approximately monthly from servers on three continents to see how things change over time and how locations differ. oh, and we do comparative traceroutes do diagnose *where* the filter is. just pinging out there, as patrick suggested, does not tell you where the blockage actually is. sad to say, folk do not seem to remove filters. but when we wrote to them, they did. credit to olaf maennel, now of t-labs, tu berlin, etc., for most of the hard work on this. randy