for folks tracking DDOS sources or reading the GRC attack log
Greg A. Woods
woods at weird.com
Tue Jun 26 01:48:00 UTC 2001
[ On Monday, June 25, 2001 at 20:12:11 (-0400), Richard A. Steenbergen wrote: ]
> Subject: RE: for folks tracking DDOS sources or reading the GRC attack log
>
> Well since I don't think you can argue Canadian cable modems follow
> different patterns, you seem to have contradicted yourself...
Well, I can argue that some Canadian cable modems do follow different
patterns. Although GT are absolutely terrible at maintaining their
network assignments, I know for a fact that chunks of both
GROUPTELECOM-BLK-5A and GROUPTELECOM-BLK-6A are assigned to operating
cable modems. I'm also fairly certain that when the cable provider I
refer to finally gets their own assignment from ARIN that it won't
likely be from 24/8 (though it might -- it's anyone's guess at this
point since I don't the application has even been made yet).
Then of course there's NETBLK-GTE-CABLE-DUKE-ADSL. Is that an oxymoron,
or just an example of a contradiction to your argument?
Making assumptions about the type of last-mile connection in use by some
IP address based solely on its classical prefix (eg. 24/0) is just never
going to be accurate. Making assumptions about where a classical prefix
is routed geographically is going to get you in real trouble. From what
I can see 24/8 can be found on many continents, never mind in many
countries.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods at acm.org> <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
More information about the NANOG
mailing list