Re: 10.0.0

[Jared Mauch <jared () puck nether net>]

Ehud Gavron boldly claimed:
>       This does not belong to NANOG.  I'm only CCing so you're not
>       inundated with responses.
>       
>       1. A host can have multiple addresses.  These do not have
>          to be on the same network.  It's a redundancy thing.
>          Since the host in question is a nameserver, it's even
>          more reasonable.

        True.

>       2. Reserved addresses can be used anywhere.  They are just
>          not supposed to be leaked into the public internet.

        Also true, but please re-examine this traceroute:

> > traceroute to ns1.sierra.net (207.135.224.247), 30 hops max, 40 byte packets
> > 9  207.49.13.50 (207.49.13.50)  114 ms  117 ms  112 ms
> > 10  207.14.235.22 (207.14.235.22)  112 ms  116 ms  113 ms
> > 11  10.0.0.2 (10.0.0.2)  116 ms  108 ms  114 ms
> > 12  rock.sierra.net (207.135.224.247)  116 ms  112 ms  113 ms

        You can have an internal mesh made up of entireley rfc1918 address
space, and not leak these routes to the rest of the world, I've only
once caught MCI leaking stuff from a test lab, which was kinda annoying,
but not really anything bad, and a polite e-mail message to them got
an immediate fix of the problem.

        that next-hop is only relevant to someones local lan, but you
can't traceroute to 10.0.0.2, otherwise someone is doing something naughty.

        I ran into this before I realized this could be done in this
fashion, and asked a few questions around and got an answer as to how
it worked.

        If your parser is having problems with this message, please ask
me any questions, and I can clarify any questions you have.

        - jared

-- 
jared () CIC Net - CICNET --------- jared () Nether Net - Nether Network
"I've got a question"  "What is it?" "An interrogative expression often used 
to test knowledge, but that's not important right now."
- - - - - - - - - - - - - - - - -