[geeks] Fwd: [Incident 020324-000029] unroutable traffic being passed to my nameserver

Rob rstaab at panix.com
Fri Mar 29 21:20:10 CST 2002


It means that your provider is being cheap. Most Tier-1 and therefore
expensive providers do this however there are some who insist on doing
dumb things like route nonroutable IP addresses.

The right thing IMHO, at the minimum, should be filtering
your traffic of non-routables at your borders. Before customer equipment
would be optimal but not required.

Speakeasy is probably using cheap routers which don't have the cpu/memory
to effectively filter. This also means that if someone decides to really
DOS your network, you're hosed.

- Rob (channeling his days when he was the network guy.)

On Fri, 29 Mar 2002, alex j avriette wrote:

> What's the truth in this, NOC-geeks?
>
> alex
>
> Begin forwarded message:
>
> > From: abuse at speakeasy.net
> > Date: Fri Mar 29, 2002  03:28:34 PM US/Eastern
> > To: avriettea at speakeasy.net
> > Subject: [Incident 020324-000029] unroutable traffic being passed to my
> > nameserver
> >
> >
> > We are writing to inform you that we have just updated your Customer
> > Support inquiry.
> >
> > Please DO NOT reply to this email, as will not be able to respond to it
> > or provide additional support.
> >
> > To ensure that you receive a higher level of service, we kindly request
> > that you make further updates to or close your support request in
> > MySpeakeasy (http://www.speakeasy.net/myspeak).  Select Customer
> > Support from the navigation menu and go to the My Info tab to view.
> >
> > For your convenience, we have included a summary of the inquiry details
> > below.
> >
> > Thanks!
> >
> > The Speakeasy Crew
> >
> >
> > Subject
> > ---------------------------------------------------------------
> > unroutable traffic being passed to my nameserver
> >
> > Suggested Answer
> > ---------------------------------------------------------------
> > At 03/29/2002 12:21 PM we wrote -
> >
> > Greetings,
> >  I've spoken with our network engineers, and apparantly implementing
> > this would generate far too much load on our routers; same goes for our
> > upstream provider, Internap. It's definaly something we'd like to do,
> > but just isn't feasable with our current setup.
> >
> > Question
> > ---------------------------------------------------------------
> > I have gotten, since march 23 at 5:15 pm (which is to say 17 hours ago),
> > 2410 unroutable packets (from 172.24.224.87 and 172.25.224.89). I've
> > asked in the past, and I'm asking again now since I seem to be getting
> > even more. Could you please filter traffic from private networks? There
> > is no reason to route it, as replies are impossible, and the traffic is
> > always private -- or malicious.
> >
> > It is specified in RFC 1918, which is available here:
> >
> > http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html
> >
> > A simple capture of the traffic from the two hosts mentioned above is
> > available here:
> >
> > http://envy.posixnap.net/~alex/logs_for_abuse.txt
> >
> > I have been subject to two attacks in the last month or so, both of
> > which involved Mb/s traffic from unroutable hosts. This traffic was
> > either spoofed or erroneous, but it would save you and me both bandwidth
> > and headaches if this traffic could just be dropped at your routers.
> >
> > Thanks for your time, and a reply would be appreciated.
> >
> > -alex
> >
> --
> alex j avriette, perl hacker
> avriettea at speakeasy.net
> http://envy.posixnap.net/
> >
> >
> >
> >
> > Question Reference #020324-000029
> > ---------------------------------------------------------------
> >      Product: Tech Support
> >  Sub-Product: Security and Abuse
> >      Contact: avriettea at speakeasy.net
> > Date Created: 03/24/2002 07:45 AM
> > Last Updated: 03/29/2002 12:28 PM
> > Elapsed Time: 0 Minutes
> >       Status: Closed
> >           OS:
> >
> >
> >
> >
> >
> > Thanks,
> >
> > Henry Hurley
> > Speakeasy Network Abuse
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks



More information about the geeks mailing list