Private use of non-RFC1918 IP space

Adrian Chadd adrian at creative.net.au
Mon Feb 2 14:36:32 CST 2009


On Tue, Feb 03, 2009, Nathan Ward wrote:

> I think you will find that "most ISPs, if not all" in the DFZ "null  
> route" 0.0.0.0/0.

> If they don't have a route covering 1.0.0.0/8, of course packets  
> destined to that prefix will be dropped.

Damn those backup default routes then...

violet:~ adrian$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=246 time=584.909 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=246 time=478.598 ms

...
 6  mumble.gblx.net (69.x.y.z)  11.907 ms  14.086 ms  16.931 ms
 7  ge-2-0-0-10g.scr2.nyc1.gblx.net (67.17.108.233)  18.269 ms  16.460 ms  16.369 ms
 8  64-76-84-39.static.impsat.com.co (64.76.84.39)  218.169 ms * 136.983 ms
$

Reminds me of when I found various ISPs in Asia "leaking" routes somehow,
and large chunks of RFC1918 space suddenly became reachable. Imagine my
surprise when someone started seeing SNMP data for some "auto detected"
SNMP agent IPs suddenly started returning statistics. For SNMP community
"public". For randomly named kit, like "netgear" and "cisco" hostnames.

Adrian



(ObAmusing: said corporate suddenly thought they had more assets and wanted
us to track it down for them; they wouldn't take "its not yours" as an
answer. Why? Because RFC1918 addresses are private, right, and obviously
that means they're -only- visible on -their- network. Thankfully I was
a consultant and that was absolutely not in my scope of responsibility..)




More information about the NANOG mailing list