[wellylug] Routing the unroutable, aka 10.0.0.0/8
Peter Lambrechtsen
plambrechtsen at gmail.com
Fri Sep 26 18:01:37 NZST 2014
http://www.computerworld.com.au/article/539336/icann_seeks_tackle_dns_namespace_collision_risks/
On 26/09/2014 3:51 PM, "Christian Gagneraud" <chgans at gna.org> wrote:
> On 26/09/14 10:38, Ewen McNeill wrote:
>
>> On 25/09/14 18:04, Christian Gagneraud wrote:
>>
>>> I was having network problems on our local network, while
>>> troubleshooting I realised that from here I can access a lot of addresses
>>> belonging to the (theoretically not routed) private network 10.0.0.0/8
>>> [10.0.0.0/8 linknet in the middle of traceroutes]
>>>
>>
>> The problem is with the "theoretically" not routed. Back in the old
>> days when there were lots more IPv4 addresses than people who wanted
>> them, everything was numbered with globally unique IP addresses. Which
>> worked well, when there were abundant IP addresses just for the asking
>> (literally when I first started using the Internet you could get a /24
>> just by saying "hi, I'd like some IP addresses please" -- and more with
>> some indication of how you'd use them).
>>
>> Starting 10-15 years ago this stopped being true. So increasingly
>> people started numbering "internal" things with "site-local" addresses.
>> For ISPs, the linknets between their routers are -- sort of --
>> internal: they don't really need to talk to the outside world directly.
>> So at least 10+ years ago some ISPs started using RFC1918 address
>> space for their router linknets, to conserve IPs (IIRC I first saw Xtra
>> doing this around 2000).
>>
>> The trouble is that ISPs have customers. And router linknets can appear
>> in traceroutes, like the one you're doing. So RFC1918 addresses
>> randomly in the middle of traceroutes causes either (a) confusion, or
>> (b) gaps (if your border firewall blocks RFC1918 addresses from the
>> Internet).
>>
>
> Not only firewall, what about BGP and co? How do you announce to the world
> that 10.X.Y.Z belongs to your AS, when these IP addresses are supposed to be
> private?
>
> Another weird thing I found recently is people claiming IP addresses from
> the 127.0.0.0/8 block, e.g.:
> 127.0.53.53 has been assigned to a huge number of domains with exotic TLDs.
> Check for example the valid domain "wikileaks.google" (
> https://www.robtex.com/en/advisory/dns/google/wikileaks/#records)
>
> Of course if you traceroute or ping this address you end up on your
> loopback interface. Nonetheless:
> $ dig wikileaks.google A
> [...]
> ;; ANSWER SECTION:
> wikileaks.google. 3600 IN A 127.0.53.53
> [...]
> $ traceroute wikileaks.google
> traceroute to wikileaks.google (127.0.53.53), 30 hops max, 60 byte packets
> 1 127.0.53.53 (127.0.53.53) 0.037 ms 0.014 ms 0.013 ms
> $
>
> ...
>
>> Unfortunately demand for IPv4 addresses is even higher now, and there
>> are no more IPv4 addresses to be able to give everyone the ample volume
>> they want. So it doesn't surprise me that more and more ISPs end up
>> using RFC1918 addresses in ways that are visible in some situations. For
>> a while longer the ones taking extra care can probably carefully hide
>> that use from outside visibility (eg, reply with loopback address, which
>> may still be one-public-IP-per-router). But I expect private addresses
>> will leak out more and more over the next couple of years, anywhere that
>> doesn't require bidirectional end-to-end communication.
>>
>> TL;DR: nothing to see here, move along.
>>
>> Ewen
>>
>> PS:
>>
>>> Now if I scan the same subnet several times in a row, I don't get the
>>> same result, weird!
>>>
>>
>> There are probably multiple, equal cost, paths the traffic can take at
>> that point.
>>
>
> --
> Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
> To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
>
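Two things in the quoted thread are easy to check mechanically on the defender's side: whether RFC1918 or loopback addresses show up as hops in a traceroute (Ewen's linknet leakage), and whether a DNS answer points at 127.0.53.53, the address ICANN uses as a name-collision signal for new gTLDs (the subject of the Computerworld article linked above, and what Christian saw for wikileaks.google). The following is an added example written for this archive page, not code posted by any participant; the traceroute text it parses is constructed sample output, and the hop-line format it assumes is the common `N host (addr) rtt ms ...` layout of Linux traceroute.

```python
import ipaddress
import re

# Constructed sample traceroute output (documentation-range addresses, not from the thread).
SAMPLE_TRACEROUTE = """\
traceroute to example.invalid (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.412 ms  0.380 ms  0.365 ms
 2  10.64.2.1 (10.64.2.1)  8.120 ms  8.005 ms  7.990 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  14.301 ms  14.220 ms  14.100 ms
 5  203.0.113.10 (203.0.113.10)  15.010 ms  14.990 ms  14.870 ms
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# ICANN "controlled interruption" address: a name resolving here is a
# new-gTLD name-collision signal, not a reachable host.
COLLISION_SIGNAL = ipaddress.ip_address("127.0.53.53")

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop no>  <rest of line>"
PAREN_IPV4 = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # first "(a.b.c.d)" on the line


def classify(addr: str) -> str:
    """Label an IPv4 address by the address class this thread cares about."""
    ip = ipaddress.ip_address(addr)
    if ip == COLLISION_SIGNAL:
        return "name-collision signal (127.0.53.53)"
    if ip in LOOPBACK:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"


def parse_traceroute(text: str):
    """Return (hop_number, address_or_None, label) for each hop line.

    The header line starts with 'traceroute' and is skipped; a hop that
    only shows '* * *' has no responding address and is labelled 'no reply'.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        hop_no, rest = int(m.group(1)), m.group(2)
        ipm = PAREN_IPV4.search(rest)
        if ipm is None:
            hops.append((hop_no, None, "no reply"))
        else:
            addr = ipm.group(1)
            hops.append((hop_no, addr, classify(addr)))
    return hops


def private_hops(hops):
    """Hops whose address should never be visible from the public Internet."""
    return [h for h in hops if h[2] != "public" and h[2] != "no reply"]


def check_dns_answer(record: str):
    """Parse one 'name TTL IN A addr' answer line (dig format) and label the address.

    Returns (owner_name, label), or None for lines that are not A records.
    """
    parts = record.split()
    if len(parts) < 5 or parts[2] != "IN" or parts[3] != "A":
        return None
    return parts[0], classify(parts[4])


if __name__ == "__main__":
    for hop in parse_traceroute(SAMPLE_TRACEROUTE):
        print(hop)
    print("private hops:", private_hops(parse_traceroute(SAMPLE_TRACEROUTE)))
    print(check_dns_answer("wikileaks.google. 3600 IN A 127.0.53.53"))
```

On the sample, hops 1 and 2 are flagged as RFC1918 (the second is exactly the kind of 10.0.0.0/8 linknet Ewen describes), hop 3 is a non-responding hop, and the remaining hops are public. Feeding the `dig` answer line from the quoted message into `check_dns_answer` labels it as the ICANN collision signal rather than as a plain loopback address, which is the distinction worth surfacing when one of these names shows up in an internal resolver's logs.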