[nsp-sec] ARIN-REACHABILITY-TESTING
Chris Morrow
morrowc at ops-netman.net
Sat Jan 10 12:42:59 EST 2009
On Sat, 10 Jan 2009, Hank Nussbacher wrote:
> ----------- nsp-security Confidential --------
>
> Can someone explain this block to me:
i have partial info, I think...
>
> NetRange: 173.0.0.0 - 173.0.255.255
> CIDR: 173.0.0.0/16
> NetName: ARIN-REACHABILITY-TESTING
> NameServer: RIP.PSG.COM
> NameServer: NS0.REM.COM
> Comment: This IP address block is being used by ARIN to conduct
> reachability testing in networks 173.0.0.0/8 and 174.0.0.0/8. Please contact
> randy at psg.com with feedback or questions on the testing.
> RegDate: 2008-02-27
> Updated: 2008-02-27
>
> The reason I ask is I just got this alert from IAR:
> AS 378 is now announcing 173.0.5.0/24 which is historically announced by
> ASes: 3130.
> Time: Fri Jan 9 20:51:03 2009 GMT
> Observed path: 10565 2914 3130 378
>
> I did a lookup in http://cs.unm.edu/~karlinjf/IAR/search_prefix.php
> and came up with a bunch of faked ASNs (not just AS378):
> Time Origin Prefix Why? Super Prefix Trusted Origins AS Path
..snip...
> Who is doing this and why?
the short story is that Randy Bush has a contract (with someone else as
well I think REM.com == Hank Kilmer) with ARIN to do reachability testing
for new /8's allocated from IANA to ARIN. I believe he does some
ping/routing tests and notifys folks that appear to be blocking
access/routes from the newly allocated ranges. it does say this in the
description for the block though...
I had thought that the blocks were turned back shortly after the testing
was finished, this has been allocated going on a year now though.
-Chris
More information about the nsp-security
mailing list