[138439] in North American Network Operators' Group
Re: why hp bladeserver chassis have a sudden interest in thailand.
daemon@ATHENA.MIT.EDU (Kevin Day)
Tue Mar 8 00:21:39 2011
From: Kevin Day <toasty@dragondata.com>
In-Reply-To: <31657724.1969.1299559651369.JavaMail.root@benjamin.baylink.com>
Date: Mon, 7 Mar 2011 23:16:55 -0600
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 7, 2011, at 10:47 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Joel Jaeggli" <joelja@bogus.com>
>=20
>> =
http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=3D10944=
7626+1299558177753+28353475&threadId=3D1471451
>>=20
>> As a potentially cautionary tale for the squatting on unused pieces =
of
>> address space either in your network or applications.
>>=20
>> drive slow (and filter 22 outgoing to 49.48.46.49 until you get new
>> firmware)
>=20
> (HP Blades apparently depended on rDNS for 49.48/16 failing hard, =
which=20
> stopped happening when the block was allocated)
For those at home scratching their heads, I ran into this before too =
when trying to figure out why they were making in-addr.arpa requests =
over and over again...
49 decimal in ASCII =3D "1"
48 decimal in ASCII =3D "0"
46 decimal in ASCII =3D "."
49 decimal in ASCII =3D "1"
or "10.1"
If you had a hard-coded IP address instead of a hostname for its =
management host, the logic to resolve the hostname would get confused =
and attempt to do a reverse-dns lookup of the first 4 characters of the =
ASCII representation of the hostname, and connect to that instead. So, =
if your management host was "10.1.1.1" the first 4 characters were =
"10.1" which is 49.48.46.49 if you smash the values of each character =
into a v4 address and try to grab a PTR record for it. If that lookup =
failed, it'd fall back to connecting to the IP correctly. Only after =
49.48/16 was assigned and started giving out PTR records did this bug =
actually do anything.
It is attempting to SSH to the host at 49.48.46.49 though, which is =
probably bad.
(the above is my own attempt at figuring out what was happening, but =
might not be 100% accurate)
