for folks tracking DDOS sources or reading the GRC attack log
Mike Batchelor
mikebat at tmcs.net
Mon Jun 25 23:54:12 UTC 2001
> 24.0/8 is the "cable block".
No it's not. Check out 24.132/14 for instance.
> ARIN normally allocates residential
> cable modem subnets out of this space.
No they don't. Large parts of 24/8 are allocated to RIPE or APNIC. ARIN
has no say in how those blocks are used.
> Nearly all the cable operators
> have one slice or another from this block.
Perhaps this is true in the US.
> Nearly all North American
> cable modems users have address space in this block.
No they don't.
> Cable modems
> themselves are nearly always numbered in 10.0/8.
No they aren't.
> For those who have read the GRC web site, note that 216.216.8.x
> appears not to be a cable modem slice in any event.
Let's see, hmmmm..... lots of Windows PCs, and ports 137-139 are universally
filtered across the whole /24. Smells like cable to me.
> ARIN reports
> that this slice has been allocated to @Work, which is the commercial
> IP lease-line business unit within Excite at Home.
That is correct.
> Presence of a
> *.home.net DNS entry does not mean the system is on any cable modem
> network.
That is also correct. Thank you Dr. Obvious.
> There are no 24.0/8 addresses listed in the log at
> http://grc.com/dos/attacklog.htm
> so it isn't clear to me that any cable modems were used in that
> particular attack.
Not surprising, given your impressive slate of incorrect assumptions.
>
> Ran
> rja at inet.org
Didja ever have a bad hair day, when you just felt like being contrary for
the hell of it?
>
>
More information about the NANOG
mailing list