grow: 'Embedding Globally Routable Internet Addresses Considered Harmful' BCP
Dave Plonka <plonka@doit.wisc.edu> Fri, 18 February 2005 16:32 UTC
Date: Fri, 18 Feb 2005 10:29:36 -0600
From: Dave Plonka <plonka@doit.wisc.edu>
To: grow@lists.uoregon.edu
Subject: grow: 'Embedding Globally Routable Internet Addresses Considered Harmful' BCP
Message-ID: <20050218102936.B7465@doit.wisc.edu>
Reply-To: plonka@doit.wisc.edu
X-Organization: University of Wisconsin-Madison, DoIT Network Services
X-Organization-Too: Wisconsin Advanced Internet Laboratory (WAIL)
X-URL: http://net.doit.wisc.edu/~plonka/
GROWers,

Thought you might find this an interesting recent example of the problem
we dealt with in draft-ietf-grow-embed-addr. (Haven't heard any progress
on an RFC/BCP number since we were notified in December.)

Dave

----- Forwarded message from CCO Field Notice -----

Title: Cisco Field Notice: AutoSecure Bogon Filter Potentially Causes Blackholing of Internet Traffic
URL: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5207/products_field_notice09186a00803e13e9.shtml
Posted: February 16, 2005

Summary: When the IOS feature AutoSecure is used to lock down a router, a
Bogon Filter list can be automatically created and applied to the
Internet-facing router interface to block IP packets with spoofed source
addresses. A bogon is an informal name for an IP packet on the public
Internet that claims to be from an area of the IP address space reserved,
but not yet allocated or delegated by the Internet Assigned Numbers
Authority (IANA) or a delegated Internet registry. The bogon filter list
created by AutoSecure is hard-coded into IOS, and hence, is out-of-date
with current IANA address space allocations. When this filter list is
applied, the potential exists for legitimate Internet traffic to be
denied. The effect will be noticed when Internet traffic sourced from
these IP addresses is blocked by the out-of-date bogon filter
(access-list), resulting in a traffic blackhole condition. This is
further described in the Problem Symptoms section of this Field Notice.

----- End forwarded message -----

--
plonka@doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI

_________________________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/grow.html
web archive: http://darkwing.uoregon.edu/~llynch/grow/
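The failure mode in the forwarded field notice, shown as an added example that is not part of the original message and is not Cisco's code: an audit that parses a static bogon access-list and flags deny entries overlapping prefixes that have since been allocated. The ACL text, the allocated-prefix list and all function names are constructed for illustration and do not reflect the AutoSecure list or real IANA data.

```python
import ipaddress
import re

# Constructed sample ACL in IOS extended access-list syntax. The prefixes are
# illustrative only; this is not the list AutoSecure generates.
STATIC_BOGON_ACL = """\
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 192.0.2.0 0.0.0.255 any
access-list 100 deny ip 198.51.100.0 0.0.0.255 any
access-list 100 deny ip 203.0.113.0 0.0.0.255 any
access-list 100 permit ip any any
"""

# Constructed stand-in for a current registry snapshot: prefixes allocated
# after the ACL was written. Not real IANA data.
ALLOCATED_SINCE = ["198.51.100.0/25", "203.0.113.0/24"]

DENY_RE = re.compile(r"^access-list\s+\d+\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any\s*$")

def wildcard_to_network(addr, wildcard):
    """Convert an address/wildcard-mask pair to an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - w.bit_length()), strict=True)

def denied_networks(acl_text):
    """Yield (line, network) for each 'deny ip <addr> <wildcard> any' entry."""
    for line in acl_text.splitlines():
        m = DENY_RE.match(line.strip())
        if m:
            yield line.strip(), wildcard_to_network(*m.groups())

def stale_entries(acl_text, allocated):
    """Return ACL lines whose denied range overlaps an allocated prefix."""
    alloc = [ipaddress.ip_network(p) for p in allocated]
    findings = []
    for line, net in denied_networks(acl_text):
        hits = [str(a) for a in alloc if net.overlaps(a)]
        if hits:
            findings.append((line, hits))
    return findings

if __name__ == "__main__":
    for line, hits in stale_entries(STATIC_BOGON_ACL, ALLOCATED_SINCE):
        print(f"STALE: {line}  (now allocated: {', '.join(hits)})")
```

Run against a real configuration, the allocated-prefix input would come from a current registry export rather than a list embedded in the script, which is the same dependency the hard-coded filter lacks.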