Mailing List Archive: NANOG: users

109/8 - not a BOGON

Index | Next | Previous | View Threaded

matthew at walster

Oct 9, 2009, 4:22 AM

Post #1 of 8 (568 views)
Permalink

109/8 - not a BOGON

Hi there,

A customer of mine is reporting that there are a large number of addresses
he can not reach with his addresses in the 109/8 range. This was
declassified as a BOGON and assigned by IANA to RIPE in January 2009.

If you have a manually updated BOGON list, can I please ask that you review
it and update it as soon as possible please? His addresses in 89/8 and 83/8
work just fine, hence this presumption of BOGON filtering.

Matthew Walster

shane at short

Oct 9, 2009, 4:35 AM

Post #2 of 8 (534 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

Hi Matthew,

I had the same problem with our new range assigned to us by APNIC, out
of 110/8

You're in for a long, hard and frustrating road.

If you manage to get in contact with anyone, or anyone responds to
you, mind letting me know? I'd suspect they'd probably have us blocked
still too, we've just not come across it yet.

Regards,
Shane Short

On 09/10/2009, at 7:22 PM, Matthew Walster wrote:

> Hi there,
>
> A customer of mine is reporting that there are a large number of
> addresses
> he can not reach with his addresses in the 109/8 range. This was
> declassified as a BOGON and assigned by IANA to RIPE in January 2009.
>
> If you have a manually updated BOGON list, can I please ask that you
> review
> it and update it as soon as possible please? His addresses in 89/8
> and 83/8
> work just fine, hence this presumption of BOGON filtering.
>
> Matthew Walster

jstuppi at cisco

Oct 9, 2009, 4:42 AM

Post #3 of 8 (534 views)
Permalink

RE: 109/8 - not a BOGON [In reply to]

The 109/8 range was removed from our ISP Ingress Prefix Filters in
version 22 (dated 6-Feb-2009):

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Template
s/T-ip-prefix-filter-ingress-loose-check-v22.txt

Thanks,
John

-----Original Message-----
From: Matthew Walster [mailto:matthew [at] walster]
Sent: Friday, October 09, 2009 7:22 AM
To: nanog [at] nanog
Subject: 109/8 - not a BOGON

Hi there,

A customer of mine is reporting that there are a large number of
addresses he can not reach with his addresses in the 109/8 range. This
was declassified as a BOGON and assigned by IANA to RIPE in January
2009.

If you have a manually updated BOGON list, can I please ask that you
review it and update it as soon as possible please? His addresses in
89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.

Matthew Walster

leo.vegoda at icann

Oct 9, 2009, 5:08 AM

Post #4 of 8 (531 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

On 09/10/2009 4:22, "Matthew Walster" <matthew [at] walster> wrote:

> A customer of mine is reporting that there are a large number of addresses
> he can not reach with his addresses in the 109/8 range. This was
> declassified as a BOGON and assigned by IANA to RIPE in January 2009.
>
> If you have a manually updated BOGON list, can I please ask that you review
> it and update it as soon as possible please? His addresses in 89/8 and 83/8
> work just fine, hence this presumption of BOGON filtering.

This might be a good moment to list all the /8s allocated so far this year.

046/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
002/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
182/8 APNIC 2009-08 whois.apnic.net ALLOCATED
175/8 APNIC 2009-08 whois.apnic.net ALLOCATED
183/8 APNIC 2009-04 whois.apnic.net ALLOCATED
180/8 APNIC 2009-04 whois.apnic.net ALLOCATED
178/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED
109/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED

Also, I'd like to mention that if you ever want to check your filters
against the registry, we have made the columns sortable. It's now nice and
easy to identify newly allocated /8s.

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Regards,

Leo Vegoda

mpalmer at hezmatt

Oct 10, 2009, 3:31 AM

Post #5 of 8 (523 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

On Fri, Oct 09, 2009 at 12:22:01PM +0100, Matthew Walster wrote:
> A customer of mine is reporting that there are a large number of addresses
> he can not reach with his addresses in the 109/8 range. This was
> declassified as a BOGON and assigned by IANA to RIPE in January 2009.
>
> If you have a manually updated BOGON list, can I please ask that you review
> it and update it as soon as possible please? His addresses in 89/8 and 83/8
> work just fine, hence this presumption of BOGON filtering.

A pingable address in the problem range would help people to quickly
evaluate whether they have a problem in their network or upstreams...

- Matt

matthew at walster

Oct 20, 2009, 1:51 AM

Post #6 of 8 (454 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

2009/10/10 Matthew Palmer <mpalmer [at] hezmatt>

> A pingable address in the problem range would help people to quickly
> evaluate whether they have a problem in their network or upstreams...
>

The router has the address "109.68.64.1" - saves giving out customer's IP.

Does anyone have any recommendations for dealing with BOGON space that
hasn't been defiltered by networks? Any ideas how to get people to update
filter lists?

Matthew Walster

shane at short

Oct 20, 2009, 5:01 AM

Post #7 of 8 (450 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

I've found pinging a polite email to the whois contact on the ASN -
sometimes- gives useful results, but not always.

Be aware that you're not only dealing with router black-holes, but
seemingly some people have applied bogon filtering to their BIND name
servers also.

If you can provide a non bogon IP within the same AS, it can be useful
for the person at the other end-- shows them they have a problem.

-Shane

On 20/10/2009, at 4:51 PM, Matthew Walster wrote:

> 2009/10/10 Matthew Palmer <mpalmer [at] hezmatt>
>
>> A pingable address in the problem range would help people to quickly
>> evaluate whether they have a problem in their network or upstreams...
>>
>
> The router has the address "109.68.64.1" - saves giving out
> customer's IP.
>
> Does anyone have any recommendations for dealing with BOGON space that
> hasn't been defiltered by networks? Any ideas how to get people to
> update
> filter lists?
>
> Matthew Walster

twilde at cymru

Oct 20, 2009, 7:46 AM

Post #8 of 8 (450 views)
Permalink

Re: 109/8 - not a BOGON [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/20/2009 8:01 AM, Shane Short wrote:
> I've found pinging a polite email to the whois contact on the ASN
> -sometimes- gives useful results, but not always.
>
> Be aware that you're not only dealing with router black-holes, but
> seemingly some people have applied bogon filtering to their BIND name
> servers also.
>
> If you can provide a non bogon IP within the same AS, it can be useful
> for the person at the other end-- shows them they have a problem.

References to documents on bogon best practices are a good idea when
trying to contact WHOIS contacts as well - our bogon reference page and
the IANA IPv4 address space assignments page are probably good places to
start on that:

http://www.team-cymru.org/Services/Bogons/
http://www.iana.org/assignments/ipv4-address-space/

Shane makes a good point about BIND and other configs - we actually
stopped including static bogons in our BIND and BGP/JunOS templates
earlier this year because we found they were being used and not updated,
despite our warnings not to do so.

Best regards,
Tim Wilde

- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde [at] cymru | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrdzSwACgkQluRbRini9tgJaACfRnjhFKCv7sKUuNc98r+sn0cG
DDUAn2K5ASv8Pmi+UCbLw0NM6k64r+AF
=Lo8x
-----END PGP SIGNATURE-----

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads