Private use of non-RFC1918 IP space
adrian at creative.net.au
Mon Feb 2 20:36:32 UTC 2009
On Tue, Feb 03, 2009, Nathan Ward wrote:
> I think you will find that "most ISPs, if not all" in the DFZ "null
> route" 0.0.0.0/0.
> If they don't have a route covering 126.96.36.199/8, of course packets
> destined to that prefix will be dropped.
Damn those backup default routes then...
violet:~ adrian$ ping 188.8.131.52
PING 184.108.40.206 (220.127.116.11): 56 data bytes
64 bytes from 18.104.22.168: icmp_seq=0 ttl=246 time=584.909 ms
64 bytes from 22.214.171.124: icmp_seq=1 ttl=246 time=478.598 ms
6 mumble.gblx.net (69.x.y.z) 11.907 ms 14.086 ms 16.931 ms
7 ge-2-0-0-10g.scr2.nyc1.gblx.net (126.96.36.199) 18.269 ms 16.460 ms 16.369 ms
8 64-76-84-39.static.impsat.com.co (188.8.131.52) 218.169 ms * 136.983 ms
Reminds me of when I found various ISPs in Asia "leaking" routes somehow,
and large chunks of RFC1918 space suddenly became reachable. Imagine my
surprise when someone started seeing SNMP data for some "auto detected"
SNMP agent IPs suddenly started returning statistics. For SNMP community
"public". For randomly named kit, like "netgear" and "cisco" hostnames.
(ObAmusing: said corporate suddenly thought they had more assets and wanted
us to track it down for them; they wouldn't take "its not yours" as an
answer. Why? Because RFC1918 addresses are private, right, and obviously
that means they're -only- visible on -their- network. Thankfully I was
a consultant and that was absolutely not in my scope of responsibility..)
More information about the NANOG