[AusNOG] New /21 on Bogan / Delinquent Lists

Mark Smith mark.smith at team.adam.com.au
Wed Sep 16 13:44:45 EST 2009


Shaun Dwyer wrote:
> What happened to the APNIC de-bogon project?
> 
> I'd argue that APNIC should be pro-active in de-bogon'ing *prior* to 
> allocating the IP space. The range should be at least 90% routable prior 
> to being allocated.
> 

That's the thing. In no way do APNIC have any responsibility for or 
input into the decision to deploy these bogon filters, so why should 
they have the obligation to get them fixed? It isn't practical to 
thoroughly test beforehand anyway - obviously nobody can test every 
website and every mail server on the Internet for broken bogon filters. 
Unfortunately reaction upon discovery, by notifying the website/mail 
server operator, is the method that has the most chance of success. 
That's what we've done when we've had to give our ADSL customers those 
addresses.

> It shouldn't be left to the poor network operators who get assigned new 
> IPs to contact NOCs and get it de-listed.
> 

Agree, but we have no choice. We're the collateral damage from this 
"friendly fire". Educating people not to cause the problem in the first 
place is ultimately the best way to avoid it.

(Jumping on the recent licensed Internet user bandwagon, maybe there 
should be a license to be able to build and operate the Internet too. 
"What is usenet?" could be one of the questions :-) )

> Additionally, it wouldn't take much to do this testing. A single Linux 
> server with some scripts and quagga is all it'd take.
> 
> In the case mentioned below about Telstra's SMTP servers blocking the 
> allocated range... that should be done with prefix lists at BGP peering 
> points, not at firewall/application level.
> 
> RSS feed for bogon list anyone?
> 
> 
> Cheers!
> -Shaun
> 
> 
> 
> On 16/09/2009, at 10:02 AM, Nathan Brookfield wrote:
> 
>> Mark,
>>
>> I agree, it is certainly no fault of APNIC but they were initially 
>> less than helpful when I advised them that we were having severe 
>> routing issues a week after the allocation was issued.
>>
>> I have had a great response from users on the group and I appreciate 
>> everyone who has contacted me directly, you've all been a great help.
>>
>> -----Original Message-----
>> From: Mark Smith [mailto:mark.smith at team.adam.com.au]
>> Sent: Wednesday, 16 September 2009 9:44 AM
>> To: Nathan Brookfield (SAU)
>> Cc: ausnog at ausnog.net
>> Subject: Re: [AusNOG] New /21 on Bogan / Delinquent Lists
>>
>> Nathan Brookfield wrote:
>>> Hi All,
>>>
>>> I know this is a bit of an unusual request, not something I see on 
>>> AUSNOG regularly but we have had the very unfortunate luck of being 
>>> assigned a /21 from APNIC within the last 2 months which we are now 
>>> slowly starting to assign to customers.
>>>
>>
>> A bit of "spam" to operator lists isn't unreasonable for this sort of
>> problem.
>>
>>> When the first customer was put onto this subnet they advised that 
>>> traffic from our network to ExeTEL appeared to be null routed into a 
>>> blackhole so after raising a ticket with ExeTEL I quickly found out 
>>> that the allocation had been blacklisted some years back for 
>>> malicious activity, over the last weeks we have been escalating 
>>> issues to Singtel and a long laundry list of other peers who have the 
>>> prefix blocked.
>>>
>>> Today we are dealing with Telstra who have the prefix denied on all 
>>> SMTP servers which has been fun but looks like it’s almost at an end.
>>>
>>> Can I please reach out to all Sys Admins on the group to check your 
>>> networks and if you are blocking 180.92.192.0/21 if you could please 
>>> allow traffic from this subnet back into your networks.
>>>
>>> APNIC of course are no help, the fact it appears this subnet is less 
>>> than 90% routable does not help as they just won’t re-issue the 
>>> allocation plus we are too far past that stage now ☹
>>>
>>
>> We've had that trouble a few times over the last couple of years, but I
>> don't think APNIC are at any fault at all for it. They send out
>> notifications about new address ranges they're going to allocate around
>> 12 months in advance to a number of operator forums (I think this one
>> included). I think it's lazy sys/netadmins who are at fault - if they're
>> going to put these sorts of blackholing measures in place, they need to
>> fulfill the ongoing obligation they've created to keep them up to date.
>> If they're not going to do that, then they shouldn't cause trouble for
>> the rest of us by doing it in the first place.
>>
>> Regards,
>> Mark.
> 
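
An added example, not part of the original thread: one way an operator could act on the request above and audit their own filters for stale entries that still block a newly allocated range, here 180.92.192.0/21. The sample config lines and the name `find_blocking_entries` are constructed for illustration; the parser only recognises deny/DROP/REJECT lines containing IPv4 CIDR tokens.

```python
import ipaddress
import re

# IPv4 CIDR tokens anywhere in a config line (prefix-list, iptables, plain lists).
CIDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")
# Only lines that block traffic or routes are of interest.
BLOCK_RE = re.compile(r"\b(deny|drop|reject)\b", re.IGNORECASE)

# Constructed sample: a mix of router prefix-list and mail-server firewall rules.
SAMPLE_CONFIG = """\
ip prefix-list BOGONS seq 10 deny 0.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 deny 10.0.0.0/8 le 32
ip prefix-list BOGONS seq 30 deny 180.0.0.0/8 le 32
iptables -A INPUT -s 180.92.192.0/22 -p tcp --dport 25 -j DROP
iptables -A INPUT -s 192.0.2.0/24 -j DROP
ip prefix-list BOGONS seq 40 permit 0.0.0.0/0 le 24
"""


def find_blocking_entries(config_text, allocated):
    """Return (line_no, prefix, kind) for each blocking entry that overlaps
    the allocated prefix. kind is 'covers' when the entry blocks the whole
    allocation and 'partial' when it blocks only part of it."""
    target = ipaddress.ip_network(allocated)
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if not BLOCK_RE.search(line):
            continue  # permit/accept lines cannot blackhole the range
        for token in CIDR_RE.findall(line):
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # looked like a CIDR but is not a valid one
            if net.overlaps(target):
                kind = "covers" if target.subnet_of(net) else "partial"
                hits.append((lineno, str(net), kind))
    return hits


if __name__ == "__main__":
    for lineno, prefix, kind in find_blocking_entries(SAMPLE_CONFIG, "180.92.192.0/21"):
        print(f"line {lineno}: {prefix} ({kind}) still blocks 180.92.192.0/21")
```

Run on a schedule against each new allocation announcement, a check like this turns the "ongoing obligation" of maintaining a bogon filter into something that fails loudly instead of silently blackholing legitimate address space.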
