Home page logo

nanog logo nanog mailing list archives

RE: Net-24 top prefix generating bogus RFC-1918 queries
From: Sean Donelan <sean () donelan com>
Date: Mon, 2 Jun 2003 00:26:16 -0400 (EDT)

On Sun, 1 Jun 2003, McBurnett, Jim wrote:
guys.. I have a thought...
I am a charter fiber customer..
AND they use lots of 1918 address for management even some customer links.
I have seen this on all the cable providers..
unlike Sprint/MCI/ATT they don't use 100% RW on all their equipment..

then they leak because the BGP is not filtering properly..

Uhm, incorrect.

A DNS lookup for a RFC1918 in-addr.arpa record is unrelated to BGP or
BGP filters.

If you want to generate an RFC1918 in-addr.arpa query to the AS112
servers do the following

Default Server:  localhost

set querytype=any
Server:  localhost

Non-authoritative answer:
        origin = prisoner.iana.org
        mail addr = hostmaster.root-servers.org
        serial = 2002040800
        refresh = 1800 (30M)
        retry   = 900 (15M)
        expire  = 604800 (1W)
        minimum ttl = 604800 (1W)

Authoritative answers can be found from:
10.in-addr.arpa nameserver = BLACKHOLE-1.iana.org
10.in-addr.arpa nameserver = BLACKHOLE-2.iana.org
BLACKHOLE-1.iana.org    internet address =
BLACKHOLE-2.iana.org    internet address =

Your query will then be included in John's statistics.  You BGP filters
will not stop it.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]