Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

[bmanning () vacation karoshi com]

On Wed, Sep 03, 2008 at 10:00:41AM -0400, Christopher Morrow wrote:
> On Wed, Sep 3, 2008 at 8:48 AM,  <bmanning () vacation karoshi com> wrote:
> > On Tue, Sep 02, 2008 at 10:08:10PM -0400, Christopher Morrow wrote:
> > > On 9/2/08, Todd Underwood <todd-nanog () renesys com> wrote:
> > >
> > > >  checking our current data, that block is not currently routed by any
> > > >  of our peers over the last month (i would assume ripe ris and
> > > >  routeviews report similar data, but i did not check them.
> > >
> > > it's also probably worth stating that parts of 198.32/16 are never
> > > routed anywhere on the Internet (here comes bill to tell me 'who's
> > > Internet?' .....). Some is in use on private networks, some is in use
> > > at exchange points and not routed outside the immediate peers.
> >
> >        grump... ok...  "who's internet"?
>
> there he is!!! :) (thanks for restoring my faith in... humanity)

        WHO'S THAT TRIP-TRAPPING ACROSS MY BRIDGE?
        (random thought of the day ...  is there a real requirement to 
        do routing at the level of granularity we seem to have fallen into?
        is there any reason to not do more bridging, creating larger broadcast
        domains?  Such constructs are certainly more ammenable to device mobility,
        esp in the absence of workable mobil IP and the derth of EID/LOC splits...
        and there would be less route churn....  lots of good reasons)
        

> > > Most times, as I recall, epnet does a decent job of keeping the whois
> > > data or rdns data updated though, for things in use. (though possibly
> > > not for private uses)
> >
> >        rdns moreso that whois...
>
> 198.32.64.12 == AS-20144-has-not-REGISTERED-the-use-of-this-prefix.
> for instance?

        well that has been there for some time - we need not remove the 
        clay-cap off that nuclear waste dump - let sleeping dogs lie.

> -chris

--bill