184.108.40.206 -- Harmless mis-route or potential exploit?
todd-nanog at renesys.com
Tue Sep 2 19:40:49 CDT 2008
(to follow up on david conrad's response)...
On Tue, Sep 02, 2008 at 04:31:40PM -0700, David Conrad wrote:
> On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
> >While recently trying to debug a CEF issue, I found a good number of
> >packets in my "debug cef drops" output that were all directed at
> >220.127.116.11 (which I see as being allocated to ep.net but
> >completely unused).
> As Steve Conte pointed out, that is the address that used to be used
> for l.root-servers.net. l.root-servers.net was renumbered almost a
> year ago, with the announcement of the old address turned off about 6
> months ago.
there's some context on recent routing issues with this network
described at the renesys blog here:
in short: the prefix containing this network was advertised by people
other than iana for a time after iana stopped advertising it.
checking our current data, that block is not currently routed by any
of our peers over the last month (i would assume ripe ris and
routeviews report similar data, but i did not check them.
todd underwood +1 603 643 9300 x101
renesys corporation general manager babbledog
todd at renesys.com http://www.renesys.com/blog
More information about the NANOG