Mailing List Archive

> *> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ?
> *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?
> *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ?
>
> Shame on you 3337, 1794 and 1273.

Indeed. Since it's not my turn to be at fault for this kind of thing tonight,
I guess I'll chime in with a copy of some useful goodies that Andrew Partan
bestowed upon me last time CIX was caught advertising something bad:

router bgp xxxx
neighbor y.y.y.y remote-as zzzz
neighbor y.y.y.y distribute-list 100 in
neighbor y.y.y.y distribute-list 101 out

access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any

access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 101 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 101 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 101 deny ip any 255.255.255.128 0.0.0.127
access-list 101 permit ip any any

These are currently identical, but they're split into separate access-list's
in case the sending restrictions and the receiving restrictions ever have
cause to differ.

Note that everybody who's anybody uses peer groups rather than duplicating
this for every peer, but I'm the wrong person to try to explain peer groups
so the above was intentionally kept at my "grunt, poke, listen" level.
- - - - - - - - - - - - - - - - -

| I need a few class Cs. Hope nobody will mind if I take
| 192.168.0.0/20. ;)

Knock yourself out. :-)

| *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?

This appears to be a truly ancient (before 17 Jan 1996) typo
or thinko or somesuch, and has been corrected.

Sean.
- - - - - - - - - - - - - - - - -

>
>
> I need a few class Cs. Hope nobody will mind if I take
> 192.168.0.0/20. ;)
>
> *> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ?
> *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?
> *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ?
>
> Shame on you 3337, 1794 and 1273.
>
> - david
>

Now why would 1239 advertize well known private address space?

--
--bill
Key fingerprint = FA 2A 63 DA 63 2E CB DB 26 2F 7A 12 B1 07 7D 68
- - - - - - - - - - - - - - - - -

Might be a good time to mention that there is a web page that tracks all of
the bogus routing information sent each day. See http://www.ra.net/statistics
and select "routing problems."

There is also now a mailing list where you can receive a daily list of all the
bogus routes (RFC-1918, IANA reserved nets, host announcements, etc.) sent the
previous day. To subscribe, send mail to routing-problems-request@ra.net.

- Craig



------- Forwarded Message

Return-Path: nanog-owner@merit.edu
Received: from merit.edu (merit.edu [35.1.1.42]) by home.merit.edu
(8.7.5/merit-2.0) with ESMTP id DAA07017; Thu, 23 May 1996 03:41:14 -0400 (EDT)
Received: (from daemon@localhost) by merit.edu (8.7.5/merit-2.0) id DAA09256
for nanog-outgoing; Thu, 23 May 1996 03:39:20 -0400 (EDT)
Received: from chops.icp.net (chops.icp.net [199.0.55.71]) by merit.edu
(8.7.5/merit-2.0) with ESMTP id DAA09251 for <nanog@merit.edu>; Thu, 23 May
1996 03:39:17 -0400 (EDT)
Received: by chops.icp.net id <20677>; Thu, 23 May 1996 03:39:05 +0100
From: Sean Doran <smd@icp.net>
To: djs@secure.net, nanog@merit.edu
Subject: Re: RFC 1597
Cc: dfk@ripe.net, hank@sprint.net, insc@sprintlink.net,
rv@INFORMATIK.UNI-DORTMUND.DE
Message-Id: <96May23.033905+0100_edt.20677+12@chops.icp.net>
Date: Thu, 23 May 1996 03:38:58 +0100
Sender: owner-nanog@merit.edu
Precedence: bulk

| I need a few class Cs. Hope nobody will mind if I take
| 192.168.0.0/20. ;)

Knock yourself out. :-)

| *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?

This appears to be a truly ancient (before 17 Jan 1996) typo
or thinko or somesuch, and has been corrected.

Sean.

------- End of Forwarded Message


--
Craig Labovitz labovit@merit.edu
Merit Network, Inc. (313) 764-0252 (office)
4251 Plymouth Road, Suite C. (313) 747-3745 (fax)
Ann Arbor, MI 48105-2785



- - - - - - - - - - - - - - - - -

bill manning asked:
> Now why would 1239 advertize well known private
> address space?

Because nobody around here got around to preventing the
readvertisement of those addresses. Now fixed in the
configs.

Sean.

- - - - - - - - - - - - - - - - -

>| I need a few class Cs. Hope nobody will mind if I take
>| 192.168.0.0/20. ;)
>
>Knock yourself out. :-)
>
>| *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?
>
>This appears to be a truly ancient (before 17 Jan 1996) typo
>or thinko or somesuch, and has been corrected.
>
> Sean.

Sh*t. Part of the plan here was to filter these damn addresses - seems
we managed to drop this under the table at some stage. Very sorry and
red faced yours. Filters going in - if not already in place by our NOC.

Dave
- - - - - - - - - - - - - - - - -