nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

From: Todd Underwood <todd-nanog () renesys com>
Date: Wed, 3 Sep 2008 00:40:49 +0000
dan,

(to follow up on david conrad's response)...

On Tue, Sep 02, 2008 at 04:31:40PM -0700, David Conrad wrote:

On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:

While recently trying to debug a CEF issue, I found a good number of  
packets in my "debug cef drops" output that were all directed at  
198.32.64.12 (which I see as being allocated to ep.net but  
completely unused).


As Steve Conte pointed out, that is the address that used to be used  
for l.root-servers.net.  l.root-servers.net was renumbered almost a  
year ago, with the announcement of the old address turned off about 6  
months ago.


there's some context on recent routing issues with this network
described at the renesys blog here:

http://www.renesys.com/blog/2008/06/securing_the_root_1.shtml

in short:  the prefix containing this network was advertised by people
other than iana for a time after iana stopped advertising it. 

checking our current data, that block is not currently routed by any
of our peers over the last month (i would assume ripe ris and
routeviews report similar data, but i did not check them.

t.

-- 
_____________________________________________________________________
todd underwood                                 +1 603 643 9300 x101
renesys corporation                            general manager babbledog
todd () renesys com                               http://www.renesys.com/blog
Previous By Date Next
Previous By Thread Next

Current thread: