[AusNOG] New /21 on Bogan / Delinquent Lists
Shaun Dwyer
shaun at dwyer.id.au
Wed Sep 16 13:21:28 EST 2009
What happened to the APNIC de-bogon project?
I'd argue that APNIC's should be pro-active in de-bogon'ing prior to
allocating the IP space. The range should be at least 90% routable
prior to being allocated.
It shouldn't be left to the poor network operators who get assigned
new IPs to contact NOCs and get it de-listed.
Additionally, it wouldn't take much to do this testing. A single linux
server with some scripts and quagga is all it'd take.
In the case mentioned below about telstra's SMTP servers blocking the
allocated range... that should be done with prefix lists at BGP
peering points, not at firewall/application level.
RSS feed for bogon list anyone?
Cheers!
-Shaun
On 16/09/2009, at 10:02 AM, Nathan Brookfield wrote:
> Mark,
>
> I agree, it is certainly no fault of APNIC but they were initially
> less than helpful when I advised them that we were having severe
> routing issues a week after the allocation was issued.
>
> I have had a great response from users on the group and I appreciate
> everyone who has contacted me directly, you've all been a great help.
>
> -----Original Message-----
> From: Mark Smith [mailto:mark.smith at team.adam.com.au]
> Sent: Wednesday, 16 September 2009 9:44 AM
> To: Nathan Brookfield (SAU)
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] New /21 on Bogan / Delinquent Lists
>
> Nathan Brookfield wrote:
>> Hi All,
>>
>> I know this is a bit of an unusual request, not something I see on
>> AUSNOG regularly but we have had the very unfortunate luck of being
>> assigned a /21 from APNIC within the last 2 months which we are now
>> slowly starting to assign to customers.
>>
>
> A bit of "spam" to operator lists isn't unreasonable for this sort of
> problem.
>
>> When the first customer was put onto this subnet they advised that
>> traffic from our network to ExeTEL appeared to be null routed into
>> a blackhole so after raising a ticket with ExeTEL I quickly found
>> out that the allocation had been blacklisted some years back for
>> malicious activity, over the last weeks we have been escalating
>> issues to Singtel and a long laundry list of other peers who have
>> the prefix blocked.
>>
>> Today we are dealing with Telstra who have the prefixed denied on
>> all SMTP servers which has been fun but looks like it’s almost at
>> an end.
>>
>> Can I please reach out to all Sys Admins on the group to check your
>> networks and if you are blocking 180.92.192.0/21 if you could
>> please allow traffic from this subnet back into your networks.
>>
>> APNIC of course are no help, the fact it appears this subnet is
>> less than 90% routable does not help as they just won’t re-issue
>> the allocation plus we are too far past that stage now ☹
>>
>
> We've that trouble a few times over the last couple of years, but I
> don't think APNIC are at any fault at all for it. They send out
> notifications about new address ranges they're going to allocate
> around
> 12 months in advance to a number of operator forums (I think this one
> included). I think it's lazy sys/netadmins who are at fault - if
> they're
> going to put these sorts of blackholing measures in place, they need
> to
> fulfill the ongoing obligation they've created to keep the up to date.
> If they're not going to do that, then they shouldn't cause trouble for
> the rest of us by doing it in the first place.
>
> Regards,
> Mark.
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090916/a2e25e1d/attachment.html>
More information about the AusNOG
mailing list