[111264] in North American Network Operators' Group
Re: Private use of non-RFC1918 IP space
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Mon Feb 2 15:36:37 2009
Date: Tue, 3 Feb 2009 05:36:32 +0900
From: Adrian Chadd <adrian@creative.net.au>
To: Nathan Ward <nanog@daork.net>
In-Reply-To: <2D161455-CADA-4BC1-B874-3629E8E208A8@daork.net>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Feb 03, 2009, Nathan Ward wrote:
> I think you will find that "most ISPs, if not all" in the DFZ "null
> route" 0.0.0.0/0.
> If they don't have a route covering 1.0.0.0/8, of course packets
> destined to that prefix will be dropped.
Damn those backup default routes then...
violet:~ adrian$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=246 time=584.909 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=246 time=478.598 ms
...
6 mumble.gblx.net (69.x.y.z) 11.907 ms 14.086 ms 16.931 ms
7 ge-2-0-0-10g.scr2.nyc1.gblx.net (67.17.108.233) 18.269 ms 16.460 ms 16.369 ms
8 64-76-84-39.static.impsat.com.co (64.76.84.39) 218.169 ms * 136.983 ms
$
Reminds me of when I found various ISPs in Asia "leaking" routes somehow,
and large chunks of RFC1918 space suddenly became reachable. Imagine my
surprise when someone started seeing SNMP data for some "auto detected"
SNMP agent IPs suddenly started returning statistics. For SNMP community
"public". For randomly named kit, like "netgear" and "cisco" hostnames.
Adrian
(ObAmusing: said corporate suddenly thought they had more assets and wanted
us to track it down for them; they wouldn't take "its not yours" as an
answer. Why? Because RFC1918 addresses are private, right, and obviously
that means they're -only- visible on -their- network. Thankfully I was
a consultant and that was absolutely not in my scope of responsibility..)
