nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whois 172/12

From: Jon Lewis <jlewis () lewis org>
Date: Sun, 15 Jan 2012 08:54:34 -0500 (EST)
On Sun, 15 Jan 2012 bmanning () vacation karoshi com wrote:


        so as a stylistic point,   172/12  is supposed to equal 172.0.0.0/12?


Yeah...it's pretty common to drop the zeros when talkind CIDR.


        if memory serves, back in the day, there were records of allocations in this space,
        pre-ARIN. When RFC 1918 was settled on, there were some folks blocking 172.0.0.0/8
        so there was talk of relocating those folks into other space.
AOL has and uses (publicly) a bunch of space in 172/8. In fact, looking at a BGP table, I'd say they're by far the largest user (one of the only) in that /8.
For the OP...that scan traffic coming from 172.0.1.216 could be locally generated, or could be coming from the internet, either from someone announcing it briefly, or from a leaky NAT (just because it's not rfc1918 space doesn't mean someone didn't pick it out of their nether regions as the "private network" for some NAT'd network).
There are resources where you can check to see if 172.0.1/24 or larger networks have been announced recently (left as an exercise for the reader). If it hasn't, then the "scans" probably aren't being very effective since there can be no reply. 

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Previous By Date Next
Previous By Thread Next

Current thread: