Rogers Canada using 7.0.0.0/8 for internal address space

Jeremy jbaino at gmail.com
Tue May 24 22:22:20 CDT 2011


Please excuse my ignorance on this and note that I am not condoning the
hijacking of IP address space.

As long as necessary precautions are taken (route filters, tunnels, VRF's)
shouldn't this be technically feasible without any negative ramifications?

These 7-NET address seem to be assigned to the modem itself, but surely they
aren't what the customer sees at thier WAN IP address right? So as long as
the modem is configured to send ALL traffic, regardless of destination
address (could be a 7NET dst) over a GRE tunnel to some aggregation point
via its acquired 7-net address and all routers were to keep the 7net on a
separate VRF, shouldn't they be able to avoid any IP collisions? Couldn't
you theoretically use anyone's IP space, advertised or not, for this
internal transit? I'm not saying it's a good idea, it's certainly more
complex which leads to its own issues, but shouldn't it be possible?

-Jeremy

On Tue, May 24, 2011 at 9:50 PM, Steven Bellovin <smb at cs.columbia.edu>wrote:

>
> On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:
>
> > ----- Original Message -----
> >> From: "Jimmy Hess" <mysidia at gmail.com>
> >
> >> On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello at dell.com> wrote:
> >>> I think those within the organization that deploy those vehicles or
> >>> are Navy SEALs might sit at different lunch tables than the guys
> worried
> >>> about IP address collisions. ;-)
> >>
> >> The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old
> >> technology The folks in charge of the MQ-1 predator drones might sit
> closer to
> >> the guys worried about the IP addresses.
> >>
> >> And automated drone strikes can always be blamed on a malfunction
> >> caused by the hijacking
> >
> > If packets that control armed drones cross any router that has access
> even to
> > SIPRnet, much less the Internet, someone's getting relieved.
>
>
> http://www.eweek.com/c/a/Security/Militants-Hack-Unencrypted-Drone-Feeds-477219/
>
>                --Steve Bellovin, https://www.cs.columbia.edu/~smb
>
>
>
>
>
>
>



More information about the NANOG mailing list