[AusNOG] New /21 on Bogan / Delinquent Lists

Matthew Moyle-Croft mmc at internode.com.au
Fri Sep 18 10:22:18 EST 2009 

It's a pain to have to put effort into new netblocks (we got some of  
the original space that had this problem several years ago), but the  
reality is that I doubt there's a lot APNIC can do.

If a provider/end user/corporate isn't actually actively managing it's  
routing and filtering then APNIC probably can't get them to care about  
something that "might affect them".  Easier, from their brain space,  
to manage via exception.

What I think IS worth coordinating and documenting are the people who  
seem to have problems with actively managing their filtering and the  
contacts for fixing the issues.

A central list for this means that you have a list of people who need  
"education" and a way of solving the problems quickly.

Make it available via APNIC's myapnic website or something.

MMC

On 18/09/2009, at 8:59 AM, Darren Moss wrote:

> Hi Elly,
>
> This is a real pain for us, and we've tried working with APNIC  
> previously, so I am going to vent.
>
> I think this is more than just allocating and "managing" lists for  
> ranges.
> The real issue (for us anyway) is many of the ranges allocated by  
> APNIC contain obsolete, incorrect or fake contact information for  
> the block owner.
>
> This leads to us filtering pretty much entire blocks for naughty  
> people on the internet, which I believe leads to the issue occuring  
> right now (yes I know this does not cover spoofing attempts, but it  
> could help).
>
> The amount of attacks on infrastructure was increased significantly,  
> with many localised attacks coming from Asia-Pacific countries,  
> which should be easily blocked either via contact with the provider  
> or by a third party list.
>
> I am surprised that in this day and age we don't have.....
>
> A) APNIC checking block owner details and suspending where  
> information is not correct (ie: automatic email checking or  
> automatic phone dialer with response keys required)
>
> B) APNIC co-ordinating with other parties (ie: RIPE) for their known  
> bad lists, which the Asia-Pacific communities can utilise for  
> routing, filtering, etc.
>
> There's not much point allocating blocks if we can't monitor and  
> manage when things go wrong.
>
> We are just letting everyone do anything they want on our networks.
>
> My 2c worth.
>
> Regards,
>
>
> Darren Moss
> General Manager, Director
> [p] 1300 131 083 [f] 03 9017 2287
> [e] Darren.Moss at em3.com.au [w] www.em3.com.au
>
> em3 People and Technology | Managed Technology Experts
> postal: PO Box 2333, Moorabbin VIC 3189
>
> New Zealand Airedale Street, Auckland City
> postal: PO Box 39573, Howick 2045
> [p] 09 92 555 26 [f] 09 887 0273 [m] 021 841 541
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net 
> ] On Behalf Of Elly Tawhai
> Sent: 2009-09-18 9:00 am
> To: Nathan.Brookfield at serversaustralia.com.au
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] New /21 on Bogan / Delinquent Lists
>
> Dear Nathan,
>
> While APNIC tries its best to allocate clean blocks, as the free  
> pool of
> IPv4 address space reaches exhaustion it is becoming harder to  
> prevent connectivity problems such as what you're currently  
> experiencing from happening.
>
> We understand that this is an important issue for the community; and  
> as such, we do take action to minimize any problems that may result.
>
> We are currently investing extra resources to extend our debogon  
> testing inline with the increase in demand, and in communications  
> and education campaigns to better inform the community of this  
> potential problem.
>
> I will be in touch to see how I can further assist you.
>
> Regards,
> Elly
>
> ------------------------------------------------------------------------
>
> Elly Tawhai                               email:          elly at apnic.net
> Senior Internet Resource Analyst/         sip:       elly at voip.apnic.net
> Liaison Officer(Pacific), APNIC           phone:         +61 7 3858  
> 3188
> http://www.apnic.net                      fax:           +61 7 3858  
> 3199
>
> ------------------------------------------------------------------------
>
>
> Nathan Brookfield wrote:
>> Hi All,
>>
>> I know this is a bit of an unusual request, not something I see on  
>> AUSNOG regularly but we have had the very unfortunate luck of being  
>> assigned a /21 from APNIC within the last 2 months which we are now  
>> slowly starting to assign to customers.
>>
>> When the first customer was put onto this subnet they advised that  
>> traffic from our network to ExeTEL appeared to be null routed into  
>> a blackhole so after raising a ticket with ExeTEL I quickly found  
>> out that the allocation had been blacklisted some years back for  
>> malicious activity, over the last weeks we have been escalating  
>> issues to Singtel and a long laundry list of other peers who have  
>> the prefix blocked.
>>
>> Today we are dealing with Telstra who have the prefixed denied on  
>> all SMTP servers which has been fun but looks like it’s almost at  
>> an end.
>>
>> Can I please reach out to all Sys Admins on the group to check your  
>> networks and if you are blocking 180.92.192.0/21 if you could  
>> please allow traffic from this subnet back into your networks.
>>
>> APNIC of course are no help, the fact it appears this subnet is less
>> than 90% routable does not help as they just won’t re-issue the
>> allocation plus we are too far past that stage now ☹
>>
>> Thanks in advance!
>>
>> Kindest Regards,
>> Nathan Brookfield
>>
>> IT Operations
>> The One Provider Group Pty Ltd
>>
>> Direct:		(02) 4307 4206
>> Fax:		      (02) 4307 4201
>> Network Ops:	(02) 9037 4343
>> Web: 		      http://www.serversaustralia.com.au
>> Office Address:	2/2 Teamster Close, Tuggerah NSW 2259
>> Postal Address:	PO Box 3187, Tuggerah NSW 2259
>>
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

-- 
Matthew Moyle-Croft
Networks, Internode/Agile
Level 5, 162 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at internode.com.au    Web: http://www.on.net
Direct: +61-8-8228-2909		     Mobile: +61-419-900-366
Reception: +61-8-8228-2999        Fax: +61-8-8235-6909

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090918/778a5149/attachment.html>

More information about the AusNOG mailing list