nanog mailing list archives
Re: 198.32.64.12 -- Harmless mis-route or potential exploit?
From: Todd Underwood <todd-nanog () renesys com>
Date: Wed, 3 Sep 2008 00:40:49 +0000
dan, (to follow up on david conrad's response)... On Tue, Sep 02, 2008 at 04:31:40PM -0700, David Conrad wrote:
On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:While recently trying to debug a CEF issue, I found a good number of packets in my "debug cef drops" output that were all directed at 198.32.64.12 (which I see as being allocated to ep.net but completely unused).As Steve Conte pointed out, that is the address that used to be used for l.root-servers.net. l.root-servers.net was renumbered almost a year ago, with the announcement of the old address turned off about 6 months ago.
there's some context on recent routing issues with this network described at the renesys blog here: http://www.renesys.com/blog/2008/06/securing_the_root_1.shtml in short: the prefix containing this network was advertised by people other than iana for a time after iana stopped advertising it. checking our current data, that block is not currently routed by any of our peers over the last month (i would assume ripe ris and routeviews report similar data, but i did not check them. t. -- _____________________________________________________________________ todd underwood +1 603 643 9300 x101 renesys corporation general manager babbledog todd () renesys com http://www.renesys.com/blog
Current thread:
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?], (continued)
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?] Steven M. Bellovin (Sep 02)
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?] Gadi Evron (Sep 02)
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Joe Greco (Sep 03)
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Steven M. Bellovin (Sep 03)
- Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or Lamar Owen (Sep 03)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? micky coughes (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Gadi Evron (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Todd Underwood (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Christopher Morrow (Sep 02)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? bmanning (Sep 03)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? Christopher Morrow (Sep 03)
- Re: 198.32.64.12 -- Harmless mis-route or potential exploit? bmanning (Sep 03)