nanog mailing list archives

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

From: Steve Conte <conte () isoc org>
Date: Tue, 2 Sep 2008 15:33:42 -0700

On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:

Hello all,
While recently trying to debug a CEF issue, I found a good number ofpackets in my "debug cef drops" output that were all directed at198.32.64.12 (which I see as being allocated to ep.net butcompletely unused).
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Now, as nearly as I can tell, this IP address has never been usedfor anything, but I see occasional references to it, such as here:


Once upon a time, that used to be the IP address for the L Root server.

Steve


-----
Steve Conte
conte () isoc org

Current thread:

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?, (continued)
- - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Paul Wall (Sep 02)
    - self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?] Patrick W. Gilmore (Sep 02)
    - Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?] Steven M. Bellovin (Sep 02)
    - Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?] Gadi Evron (Sep 02)
    - Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Joe Greco (Sep 03)
    - Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Steven M. Bellovin (Sep 03)
    - Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Lamar Owen (Sep 03)
  - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Aaron Glenn (Sep 02)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? micky coughes (Sep 02)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Gadi Evron (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Steve Conte (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? David Conrad (Sep 02)
  - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Todd Underwood (Sep 02)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Christopher Morrow (Sep 02)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? bmanning (Sep 03)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Christopher Morrow (Sep 03)
    - Re: 198.32.64.12 -- Harmless mis-route or potential exploit? bmanning (Sep 03)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? bmanning (Sep 03)