[nsp-sec] Bogon feed
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Mar 11 03:26:32 EST 2010
At 08:22 11/03/2010 +0100, Jan Boogman wrote:
>----------- nsp-security Confidential --------
>
>Hi Hank
>
>I receive a total 30 bogon prefixes, including 172.16/12:
Ignore. Local ACL. Now to figure out why it was applied.
-Hank
>i79zhh-020#sh ip b nei 68.22.187.24 received-routes
>BGP table version is 50124867, local router ID is 164.128.32.11
>Status codes: s suppressed, d damped, h history, * valid, > best, i -
>internal,
> r RIB-failure, S Stale
>Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
>* 5.0.0.0 68.22.187.24 0 0 65333 i
>* 10.0.0.0 68.22.187.24 0 0 65333 i
>* 14.0.0.0 68.22.187.24 0 0 65333 i
>* 23.0.0.0 68.22.187.24 0 0 65333 i
>* 31.0.0.0 68.22.187.24 0 0 65333 i
>* 36.0.0.0 68.22.187.24 0 0 65333 i
>* 37.0.0.0 68.22.187.24 0 0 65333 i
>* 39.0.0.0 68.22.187.24 0 0 65333 i
>* 42.0.0.0 68.22.187.24 0 0 65333 i
>* 49.0.0.0 68.22.187.24 0 0 65333 i
>* 100.0.0.0 68.22.187.24 0 0 65333 i
>* 101.0.0.0 68.22.187.24 0 0 65333 i
>* 102.0.0.0 68.22.187.24 0 0 65333 i
>* 103.0.0.0 68.22.187.24 0 0 65333 i
>* 104.0.0.0 68.22.187.24 0 0 65333 i
>* 105.0.0.0 68.22.187.24 0 0 65333 i
>* 106.0.0.0 68.22.187.24 0 0 65333 i
>* 169.254.0.0 68.22.187.24 0 0 65333 i
>* 172.16.0.0/12 68.22.187.24 0 0 65333 i
>* 176.0.0.0/8 68.22.187.24 0 0 65333 i
>* 177.0.0.0/8 68.22.187.24 0 0 65333 i
>* 179.0.0.0/8 68.22.187.24 0 0 65333 i
>* 181.0.0.0/8 68.22.187.24 0 0 65333 i
>* 185.0.0.0/8 68.22.187.24 0 0 65333 i
>* 192.0.2.0 68.22.187.24 0 0 65333 i
>* 192.168.0.0/16 68.22.187.24 0 0 65333 i
>* 198.18.0.0/15 68.22.187.24 0 0 65333 i
>* 198.51.100.0 68.22.187.24 0 0 65333 i
>* 203.0.113.0 68.22.187.24 0 0 65333 i
>* 223.0.0.0/8 68.22.187.24 0 0 65333 i
>
>Total number of prefixes 30
>
>Cheers
>Jan
>
>Am 11.03.2010 um 06:53 schrieb Hank Nussbacher:
>
> > ----------- nsp-security Confidential --------
> >
> > I am looking at:
> > http://www.cymru.com/Documents/bogon-bn-agg.txt
> >
> > Yet on my feed I am missing an important Bogon:
> >
> > gp1#sho ip bgp nei 68.22.187.24 routes
> > BGP table version is 3248463, local router ID is 128.139.220.90
> > Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
> > S Stale
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > *> 5.0.0.0 68.22.187.24 0 0 65333 i
> > *> 10.0.0.0 68.22.187.24 0 0 65333 i
> > *> 14.0.0.0 68.22.187.24 0 0 65333 i
> > *> 23.0.0.0 68.22.187.24 0 0 65333 i
> > *> 31.0.0.0 68.22.187.24 0 0 65333 i
> > *> 36.0.0.0 68.22.187.24 0 0 65333 i
> > *> 37.0.0.0 68.22.187.24 0 0 65333 i
> > *> 39.0.0.0 68.22.187.24 0 0 65333 i
> > *> 42.0.0.0 68.22.187.24 0 0 65333 i
> > *> 49.0.0.0 68.22.187.24 0 0 65333 i
> > *> 100.0.0.0 68.22.187.24 0 0 65333 i
> > *> 101.0.0.0 68.22.187.24 0 0 65333 i
> > *> 102.0.0.0 68.22.187.24 0 0 65333 i
> > *> 103.0.0.0 68.22.187.24 0 0 65333 i
> > *> 104.0.0.0 68.22.187.24 0 0 65333 i
> > *> 105.0.0.0 68.22.187.24 0 0 65333 i
> > *> 106.0.0.0 68.22.187.24 0 0 65333 i
> > *> 169.254.0.0 68.22.187.24 0 0 65333 i
> > *> 176.0.0.0/8 68.22.187.24 0 0 65333 i
> > *> 177.0.0.0/8 68.22.187.24 0 0 65333 i
> > *> 179.0.0.0/8 68.22.187.24 0 0 65333 i
> > *> 181.0.0.0/8 68.22.187.24 0 0 65333 i
> > *> 185.0.0.0/8 68.22.187.24 0 0 65333 i
> > *> 192.0.2.0 68.22.187.24 0 0 65333 i
> > *> 192.168.0.0/16 68.22.187.24 0 0 65333 i
> > *> 198.18.0.0/15 68.22.187.24 0 0 65333 i
> > *> 198.51.100.0 68.22.187.24 0 0 65333 i
> > *> 203.0.113.0 68.22.187.24 0 0 65333 i
> > Network Next Hop Metric LocPrf Weight Path
> > *> 223.0.0.0/8 68.22.187.24 0 0 65333 i
> >
> > Total number of prefixes 29
> >
> > I see that RFC1918: 172.16.0.0/12 is missing. Is this only me?
> >
> > I also note that based on:
> > http://www.cymru.com/Documents/bogon-list.html
> > the prefixes from change 1.9 that were added in April 2003 have been
> silently removed from the list since IANA has allocated them but this
> page has not been updated as to that fact.
> >
> > Regards,
> > Hank
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> > community. Confidentiality is essential for effective Internet security
> counter-measures.
> > _______________________________________________
>
>---
>Jan Boogman - CCIE#7345
>Swisscom - IP-Plus Internet Services - AS3303
>boogman at ip-plus.net - +41 31 342 39 35
>INOC-DBA 3303*JAN
>
>
>
>
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>community. Confidentiality is essential for effective Internet security
>counter-measures.
>_______________________________________________
More information about the nsp-security
mailing list