[148421] in North American Network Operators' Group
Re: Whois 172/12
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Jan 15 08:55:49 2012
Date: Sun, 15 Jan 2012 08:54:34 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: bmanning@vacation.karoshi.com
In-Reply-To: <20120115124719.GA20706@vacation.karoshi.com.>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, 15 Jan 2012 bmanning@vacation.karoshi.com wrote:
> so as a stylistic point, 172/12 is supposed to equal 172.0.0.0/12?
Yeah...it's pretty common to drop the zeros when talkind CIDR.
> if memory serves, back in the day, there were records of allocations in this space,
> pre-ARIN. When RFC 1918 was settled on, there were some folks blocking 172.0.0.0/8
> so there was talk of relocating those folks into other space.
AOL has and uses (publicly) a bunch of space in 172/8. In fact, looking
at a BGP table, I'd say they're by far the largest user (one of the only)
in that /8.
For the OP...that scan traffic coming from 172.0.1.216 could be locally
generated, or could be coming from the internet, either from someone
announcing it briefly, or from a leaky NAT (just because it's not rfc1918
space doesn't mean someone didn't pick it out of their nether regions as
the "private network" for some NAT'd network).
There are resources where you can check to see if 172.0.1/24 or larger
networks have been announced recently (left as an exercise for the
reader). If it hasn't, then the "scans" probably aren't being very
effective since there can be no reply.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
