hi:
Just a little update:

41/8 allocated to AfriNIC (APR 2005).

73/8 allocated to ARIN (MAR 2005).

hope it helps.
On 20 Apr 2005 at 22:12, Cristian Rodriguez wrote:

> hi:
> Just a little update:
>
> 41/8 allocated to AfriNIC (APR 2005).
>
> 73/8 allocated to ARIN (MAR 2005).
>
> hope it helps.

This post reminds me to ask about the reason for having all the supposedly unallocated subnets in your rfc1918 or bogons file. I note that in the docs, Tom recommends NOT including these now, and that has been my experience as well.

(I've had at least three instances where users could not get to my locally hosted FTP server which was ultimately traced, after much trouble, to an overzealous rfc1918 file. I've since stripped all but the actual rfc1918 entries out).

The question is: why bother listing un-allocated subnets in the bogons file at all? How common is it for someone to actually use one of these for any sort of attack, since they are presumably un-routeable? It would seem that the only people likely to be able to successfully use these would be on the same subnet of the same ISP, because these are not routed.

Where am I going wrong?

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
2005/4/22, John S. Andersen <jsa@norcomix.dyndns.org>:

> The question is: why bother listing un-allocated subnets in
> the bogons file at all? How common is it for someone to
> actually use one of these for any sort of attack, since
> they are presumably un-routeable?

I saw one example just one week ago. A guy doing pretty bad things, using only bogus IPs.
On 22 Apr 2005 at 13:49, Cristian Rodriguez wrote:

> 2005/4/22, John S. Andersen <jsa@norcomix.dyndns.org>:
>
> > The question is: why bother listing un-allocated subnets in
> > the bogons file at all? How common is it for someone to
> > actually use one of these for any sort of attack, since
> > they are presumably un-routeable?
>
> I saw one example just one week ago. A guy doing pretty bad things,
> using only bogus IPs.

How successful would he have been had you not had his subnet in your bogons file? - And if you did have it in there, how is it you saw anything at all?

It seems to me that hiding behind a bogons file leaves you wide open to attack from 99.999999% of the address space.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
John S. Andersen wrote:

> On 20 Apr 2005 at 22:12, Cristian Rodriguez wrote:
>
>> hi:
>> Just a little update:
>>
>> 41/8 allocated to AfriNIC (APR 2005).
>>
>> 73/8 allocated to ARIN (MAR 2005).
>>
>> hope it helps.
>
> This post reminds me to ask about the reason for having all
> the supposedly unallocated subnets in your rfc1918 or bogons
> file.

I suppose that it could help in the case of syn-floods that used bogon source addresses.

> I note that in the docs, Tom recommends NOT including these now, and
> that has been my experience as well.
>
> (I've had at least three instances where users could not get to my
> locally hosted FTP server which was ultimately traced, after much
> trouble, to an overzealous rfc1918 file. I've since stripped all
> but the actual rfc1918 entries out).

Since Shorewall version 2.0.1, the rfc1918 file has listed nothing but the three RFC 1918 ranges. The 'nobogons' option is there for people who believe that filtering bogon source addresses is important; it can be ignored by the rest of us.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Cristian Rodriguez wrote:

> hi:
> Just a little update:
>
> 41/8 allocated to AfriNIC (APR 2005).
>
> 73/8 allocated to ARIN (MAR 2005).
>
> hope it helps.

Updated bogons and rfc1918 files are available at http://shorewall.net/errata.htm

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
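Added example, not part of the thread and not Shorewall code: a Python check for the failure discussed above, where a locally kept bogon list still filters address space that has since been allocated (41/8 and 73/8 here). The `SUBNET TARGET` file layout, the sample entries (including the aggregate 72.0.0.0/7) and all function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; these stay filtered and are never reported as stale.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Allocations reported in this thread.
NEWLY_ALLOCATED = {"41.0.0.0/8": "AfriNIC (APR 2005)",
                   "73.0.0.0/8": "ARIN (MAR 2005)"}

# Constructed sample list, one "SUBNET TARGET" pair per line (layout assumed).
SAMPLE_BOGONS = """\
# SUBNET        TARGET
10.0.0.0/8      logdrop
41.0.0.0/8      logdrop
72.0.0.0/7      logdrop
172.16.0.0/12   logdrop
192.168.0.0/16  logdrop
"""

def parse_bogons(text):
    """Return the networks listed in the file, skipping comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line.split()[0]))
    return nets

def stale_entries(bogons, allocated):
    """Map each non-private entry to the allocated prefixes it still filters."""
    stale = {}
    for net in bogons:
        if any(net.subnet_of(p) for p in RFC1918):
            continue
        # overlaps() also catches aggregates that merely contain an allocation.
        hits = [a for a in allocated if net.overlaps(ipaddress.ip_network(a))]
        if hits:
            stale[str(net)] = hits
    return stale

def blocked_by(addr, bogons):
    """Return the first list entry that would drop traffic from addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in bogons if ip in n), None)

if __name__ == "__main__":
    bogons = parse_bogons(SAMPLE_BOGONS)
    for entry, allocs in stale_entries(bogons, NEWLY_ALLOCATED).items():
        print(entry, "still filters", ", ".join(allocs))
    print("73.10.20.30 dropped by:", blocked_by("73.10.20.30", bogons))
```

An exact-match comparison would miss the aggregate entry, which is why the check uses prefix overlap.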