The problem

April 2003

One of the most fundamental features of the public internet is end-to-end connectivity; the ability for anyone to be able to connect to a far-away service with very little or no cost. Over the years, much like the area code expansions have created a wider range of numbers in use, the same has been happening in the online world.

As new area codes have been added, there has typically been a brief lag in the smaller communities as the local telephone company updates its information about the new area code and in some cases the inability to contact your family, friends, and companies with whom you conduct business. The same is now going on in the internet with the IP protocol.

Prior to August 2002, the range of IP addresses from was reserved for future use. The unassigned or reserved IP addresses have been used in the past to perform Denial of Service (DoS) attacks. A number of Internet Providers as well as Firewall operators decided in order to help limit the effects of these on their network they would perform filtering of the reserved space. This has led to some unintended consequences due to the decentralized nature of the Internet.

IANA assigned the 69/8 range of IP addresses to ARIN for allocation to their member base. ARIN members have been subsequently assigned IP space from this range and have found it to be unusable because there are so many people that have old and outdated filtering in place. Some speculation regarding the filtering focuses on outdated and unattended filters and devices, as well as a lack of understanding and education on the proper maintenance and application of such filters.

ARIN, the organization responsible for the assignment of this address space, has stated that it is not required to ensure end-to-end visibility of said address space. This leaves the members with the tremendous tasks of locating, contacting, and educating every single network on the internet that is filtering this previously reserved space and requesting their operators update their filters.

There are many reasons why outdated filters may have been misapplied. Web sites such as one run by Rob Thomas list ranges to be filtered, making the application of such filters easy. The ease with which such filters are applied means that some may not understand the longer term implications, and thus not be aware of the updates to such templates and guides. Thus the filters are applied once, forgotten, and never updated. Several individuals behind such lists have taken additional steps to alert the community to updates, to include the recent creation of a mailing list specifically for this purpose.

If you have done filtering like this, or suspect your network of filtering these IP ranges, see one of the following links. Also, if you find any websites that still reference IP range as reserved or to be denied in any firewall filtering templates, we are considering allowing people to submit their links for the "69/8 HALL OF SHAME" for not being responsible in keeping their information up to date. You can also use link number 7 here to check address space via a public looking glass.

1 -
2 -
3 -
4 -
5 -
6 -
7 - and

© 2003 jared at puck dot nether dot net homepage pucks main webpage