198.32.64.12 -- Harmless mis-route or potential exploit?

Todd Underwood todd-nanog at renesys.com
Tue Sep 2 19:40:49 CDT 2008


dan,

(to follow up on david conrad's response)...

On Tue, Sep 02, 2008 at 04:31:40PM -0700, David Conrad wrote:
> On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
> >While recently trying to debug a CEF issue, I found a good number of  
> >packets in my "debug cef drops" output that were all directed at  
> >198.32.64.12 (which I see as being allocated to ep.net but  
> >completely unused).
> 
> As Steve Conte pointed out, that is the address that used to be used  
> for l.root-servers.net.  l.root-servers.net was renumbered almost a  
> year ago, with the announcement of the old address turned off about 6  
> months ago.

there's some context on recent routing issues with this network
described at the renesys blog here:

http://www.renesys.com/blog/2008/06/securing_the_root_1.shtml

in short:  the prefix containing this network was advertised by people
other than iana for a time after iana stopped advertising it. 

checking our current data, that block is not currently routed by any
of our peers over the last month (i would assume ripe ris and
routeviews report similar data, but i did not check them.

t.

-- 
_____________________________________________________________________
todd underwood                                 +1 603 643 9300 x101
renesys corporation                            general manager babbledog
todd at renesys.com                               http://www.renesys.com/blog




More information about the NANOG mailing list