Question on 7.0.0.0/8
william(at)elan.net
william at elan.net
Sat Apr 14 09:56:58 UTC 2007
On Sat, 14 Apr 2007, Jon R. Kibler wrote:
> CYMRU has 7/8 listed as a bogon:
> http://www.cymru.com/Documents/bogon-dd.html
>
> Their list is more or less authoritative, so I would believe that you should
> never see traffic from that netblock. This is also consistent with Sprint
> blackholeing it as a bogon in your original post.
Their list is no more "authoritative" then mine and I suspect they simply
did not look into this netblock case before. Another bogon tracking
system http://www.cidr-report.org/#Bogons does not list it as bogon
even though it does see same 7.1.1.0/24 announcement by Sprint.
I'm also curious to know why you think that Sprintlink is blackholing it?
-----
In case you're wondering they do route this block, here is where my
traceroute ends:
...
11 sl-bb20-rly-12-0.sprintlink.net (144.232.7.249) 79.181 ms 76.106 ms
77.925 ms
12 sl-bb20-tuk-11-0.sprintlink.net (144.232.20.137) 97.675 ms 97.748 ms
98.021 ms
13 sl-bb21-tuk-15-0.sprintlink.net (144.232.20.133) 97.672 ms 97.579 ms
280.387 ms
14 sl-bb21-lon-14-0.sprintlink.net (144.232.19.70) 168.667 ms 169.151
ms 179.363 ms
15 sl-bb23-lon-14-0.sprintlink.net (213.206.128.54) 168.879 ms 168.922
ms 168.716 ms
16 sl-bb21-ams-3-0.sprintlink.net (213.206.129.142) 161.711 ms 161.816
ms 180.609 ms
17 sl-bb20-ham-14-0.sprintlink.net (213.206.129.50) 167.782 ms 167.884
ms 167.716 ms
18 sl-gw2-ham-0-0-0.sprintlink.net (217.147.96.100) 167.770 ms 167.928
ms 168.193 ms
19 * * *
Last hop is in Germany which is a bit suspicious for supposed US DoD block
but there are some military bases there after all...
Also there are some interesting messages about this netblock that one can
find on the net, like say:
http://www.monkey.org/openbsd/archive/misc/0207/msg01215.html
http://irisheagle.blogspot.com/2006_03_01_irisheagle_archive.html
> That said, it doesn't mean that the netblock is unused. Most likely it is
> a netblock that DoD actually uses, but it is only routed on DoD's private
> backbone and never on the Internet.
If that is the case and they started using it in the days of J Postel
with his permission, then its not a bogon. Conflicting information at
ARIN and especially that their info was updated in 2006 leads me to
believe that's the case. Add to it that I have several copies of old
DoD hosts table and they all list it as "EDN-TEMP", but what it refers
to and if the block should or should not still be in use I don't know.
Unfortunately all of this does not mean you should allow (or deny) traffic
from 7.0.0.0/8, but it also does not mean that if you do see any traffic
that its necessarily unauthorized.
> william(at)elan.net wrote:
>>
>> Anybody know if 7.0.0.0/8 is or is not allocated to DoD?
>> The data at IANA and ARIN is kind-of confusing...
>>
>> ---------------------------------------------------------------
>> 7.1.1.0/24 ## AS1239 : SPRINTLINK : Sprint
>> 7.0.0.0 - 7.255.255.255 ## Bogon (unallocated) ip range
>> ---------------------------------------------------------------
>> http://www.iana.org/assignments/ipv4-address-space
>> 007/8 Apr 95 IANA - Reserved
>> ---------------------------------------------------------------
>> [IPv4 whois information for 7.0.0.1 ]
>> [whois.arin.net]
>>
>> OrgName: DoD Network Information Center
>> OrgID: DNIC
>> Address: 3990 E. Broad Street
>> City: Columbus
>> StateProv: OH
>> PostalCode: 43218
>> Country: US
>>
>> NetRange: 7.0.0.0 - 7.255.255.255
>> CIDR: 7.0.0.0/8
>> NetName: DISANET7
>> NetHandle: NET-7-0-0-0-1
>> Parent:
>> NetType: Direct Allocation
>> Comment:
>> RegDate: 1997-11-24
>> Updated: 2006-04-28
>>
>> OrgTechHandle: MIL-HSTMST-ARIN
>> OrgTechName: Network DoD
>> OrgTechPhone: +1-800-365-3642
>> OrgTechEmail: HOSTMASTER at nic.mil
More information about the NANOG
mailing list