nanog mailing list archives

Re: Rogers Canada using 7.0.0.0/8 for internal address space

From: Jeremy <jbaino () gmail com>
Date: Tue, 24 May 2011 22:22:20 -0500

Please excuse my ignorance on this and note that I am not condoning the
hijacking of IP address space.

As long as necessary precautions are taken (route filters, tunnels, VRF's)
shouldn't this be technically feasible without any negative ramifications?

These 7-NET address seem to be assigned to the modem itself, but surely they
aren't what the customer sees at thier WAN IP address right? So as long as
the modem is configured to send ALL traffic, regardless of destination
address (could be a 7NET dst) over a GRE tunnel to some aggregation point
via its acquired 7-net address and all routers were to keep the 7net on a
separate VRF, shouldn't they be able to avoid any IP collisions? Couldn't
you theoretically use anyone's IP space, advertised or not, for this
internal transit? I'm not saying it's a good idea, it's certainly more
complex which leads to its own issues, but shouldn't it be possible?

-Jeremy

On Tue, May 24, 2011 at 9:50 PM, Steven Bellovin <smb () cs columbia edu>wrote:


On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:

----- Original Message -----

From: "Jimmy Hess" <mysidia () gmail com>

On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello () dell com> wrote:

I think those within the organization that deploy those vehicles or
are Navy SEALs might sit at different lunch tables than the guys

worried

about IP address collisions. ;-)


The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old
technology The folks in charge of the MQ-1 predator drones might sit

closer to

the guys worried about the IP addresses.

And automated drone strikes can always be blamed on a malfunction
caused by the hijacking


If packets that control armed drones cross any router that has access

even to

SIPRnet, much less the Internet, someone's getting relieved.



http://www.eweek.com/c/a/Security/Militants-Hack-Unencrypted-Drone-Feeds-477219/

               --Steve Bellovin, https://www.cs.columbia.edu/~smb

Current thread:

Re: Rogers Canada using 7.0.0.0/8 for internal address space, (continued)
- - Re: Rogers Canada using 7.0.0.0/8 for internal address space Joel Jaeggli (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space D'Arcy J.M. Cain (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Rubens Kuhl (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Owen DeLong (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Valdis . Kletnieks (May 24)
    - Godwin was here ... was Re: Rogers Canada using 7.0.0.0/8 Edward Lewis (May 24)
  - RE: Rogers Canada using 7.0.0.0/8 for internal address space Vinny_Abello (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Jimmy Hess (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Jay Ashworth (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Steven Bellovin (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Jeremy (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Valdis . Kletnieks (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Cameron Byrne (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Michael Dillon (May 24)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Christopher Pilkington (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Robert Bonomi (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space mikea (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space bmanning (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Christopher Pilkington (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Joe Hamelin (May 25)
    - Re: Rogers Canada using 7.0.0.0/8 for internal address space Owen DeLong (May 25)

(Thread continues...)