Slashdot Mirror
The 69/8 Networking Problem
jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."
Wine me, dine me, 69/8 me!
is an irc banning bitch. suck it you fag!
I'm just looking over this, since I'm looking to purchase some IP's from my upstream provider. It seems to be that these IP's are somewhat devalued since areas of the net have blacklisted them.
:(
Sort of like a tarnished credit record I guess. This IP's won't be of the greatest value for a few years until the rest of the net catches up.
The IP's would be for home broadband use too. I'll be personally avoiding that IP range.
Karma: Chameleon (mostly due to the fact that you come and go).
... that'll be like the 82/8 problem as well then. Some damn quest router drops my traffic to dilbert.com.
mirror
fucks the eye sockets of goats! FUCK THAT SKULL!
We're all hopped up on sleeping pills and subnet calculations!
...and although most places have finally gotten their act together, this is still a bit of a problem for us. Our ISP has been working quite hard to get people to update their filters (the ISP was one of the first to get addresses in this space), but it's still a bit of a problem. Hopefully being on the front page of slashdot will help the problem some.
I would love everything to be IPv6 now, but it ain't gonna happen for atleast 10 years I think. Even new equipment hasn't got IPv6 :( :/
That would solve problems like this, and create lots of lovely new ones
If only the world was perfect eh?
Frankly this isn't a big surprise. If IANA gave up another previously reserved netblock like 0.0.0.0/8, 96.0.0.0/4, 112.0.0.0/5, 120.0.0.0/6, 124.0.0.0/7, 126.0.0.0/8 or the plethora of other reserved netblocks then they should expect peeps to still have them blacklisted in their personal ACLs. This is only common sense. This isn't exactly news. IANA should have been very forthcoming and gone public with the fact that a previously reserved netblock was no longer reserved PRIOR to selling parts of it. How else would they expect admins like myself to know about the change?
Go fuck yourself
cunt
kunt
Leave it geeks to have a problem with 69ing.
Do we have to teach you nerds EVERYTHING??
http://saveie6.com/
you meat curtain
While the 69/8 netblock has been long known to be reserved, and has been subsequently been "used" by script kiddies and the like for DoS attacks, then if ARIN has decided to open that netblock for sale, then it is up to them to notify and market the netblock as no longer being reserved. Pretty simple actually. This is a case where a non-technical solution is ideal to address what has been a technical problem.
If ARIN isn't doing that, then shame on them. If they are doing that, and we're just ignorant of it, them shame on us.
Rule #1 -- Politics always trumps technology.
I sometimes wonder, given all the tech layoffs in the last two years, if half the 'net was left running on autopilot. Keeping the filters up to date with current practices would be a lot more likely if there was an adequate number of admins left to man the guns.
PayPal is the authorized payment processor for SlashDOT.org agglutinin forewarn liberate crushing spitting thanklessness sublanguages forfeit stenographers arithmetics obtainably protein junctions pleads belch humbling attract metro bitter where stagnant lighter heedlessly sourest scantiest enough directing achieved amyl extract chime unreasonable basketball inconsistency rescuers sincerity wasted efforts meteoric permeable combing besmirch spacings
you nut cracker.
Maybe providers will see that if their users are Internet dickheads (ie. DoSing, sending spam, etc) their IPs will be blacklisted and therefore less valuable.
Sort of like wanted good people to rent your house so they don't screw it up.
touch hole lover
A: 10 minutes into this call, what is the problem? IS there a problem??? 8^P
B: the problem is obviously w/you. I mean, that's obvious. i could explain it to you, but it's too obvious.
A: oh, of course, I should have seen that.
B: Exactly.
A: no prob, I'll transfer the call over to you, hang on...
B: Coward!
A: no, realistic.
B: Take away your bowling shoes, and what kinda helpdesk guy are you?
A: 11 minutes and counting, I have NO idea what the problem is????
B: Try thinking of it as a "bowling" problem. He's having problems "bowling" at a particular "lane". Why is that?
A: oh thats easy, he has no ball!
B: Good! And the "ball" in this case is...C'mon, it's easy
B: An "internet connection"
B: I've done a remote reverse caller-ID on the UDP checksums, and you're not talking to one of our customers
A: hes on adsl, i "think" he might be having trouble getting to a web site, but not too sure about that...
B: No no no, you're not listening. Integreal MD5sum shows that he's not connected to the Internet
A: i knew it, hes an aol customer being foisted on me!
B: I shouldn't have to tell you how to do a backward ICMP telnet to his firewall
A: well, reimplement his tcp/ip checksum protocol damnit Scotty!
B: You know, hanging up on the customer *is* cheating.
A: ha ha ha, i hadn't thought of that.. hmm.....
B: I had this problem once before. Ask him if he's running apache.
B: Just trust me on this
B: And tell him to flush his caching queue if he is
A: ok, hang on.
A: turns out he's using a palm pilot!
B: Tell him from me it's absolutely *essential* he use a bit-free serial cable for surfing.
B: If he has any bits left in the serial cable, they'll end up XORing incoming bits, which of course results in firewall problems.
B: Give it a good shake into a bit bucket, should be good
A: 18 minutes, *NOW* he mentions his computer started up in safe mode??????
A: what the hell is going on, if i didn't know better, i'd think this was joke call????
B: Has he lowered his cone of silence? If he has, tell him to try raising it.
B: That also causes firewall problems.
B: In fact, I'm detecting big firewall problems at this end.
B: Has he crossed the streams? I had that happen to a customer once
B: Big mess
B: Had to totally take down the proton packs
B: Nothing like an unlicensed proton accellerator to wreak havoc w/your firewall
A: customer's name is Beelzebub, does that mean anything??
B: Check billing, I think he's a Chicago customer
B: Have you told him to shut down his Internet?
B: Ask him if his O'Reilly Safari sub. has come due
B: Or if he's maybe shut down his memory
B: Did you try reformatting his CPU?
A: his memory? don't get me started!
B: Memory issues? That's MAJOR firewall problems right thjere
A: not yet, I was starting with the power supply.
B: Oh man, I had a firewall once that jumped up and bit the customer
B: Right between the eyes
B: Took me an hour to calm her down
A: this guy has no memory. oh, you meant the computer!
B: BAM
B: just like that
B: Tell him to try shutting down his website
B: I heard "error message"
B: Was it about the firewall?
B: I bet it was
B: There it is again! "Error message"!
B: Totall the firewall
B: Start like this: "Sir, I have analyzed your firewall"
B: "and it is currently set to filter outgoing ICMP checksums"
B: "This is obviously in contradiction of many, many RFCs"
B: "and if we're going to avoid a fine, you'r
While slightly off-topic, I'd like to call attention to my prom pictures located at this website.
They include some nice 69ing.
Is it just me or was this block removed from the reserved list by IANA and assigned to ARIN roughly midway through 2002? Man, the lag is getting worse around here all the time..........
Theres a ton of companies sitting on class A blocks and doing nothing with them. Anything from 4.0.0.0 and up is hardly used. Redistribute these as a temporary solution until IPv6 is mainstream.
Only the State obtains its revenue by coercion. - Murray Rothbard
You repugnant shitcake. Go polish off another bucket of feces.
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
at your next bukkake session please guzzle the glass of cum.
I would imagine that most readers of Slashdot would have problem in real life getting past filters that block access to 69.
Find the Internet's most notorious spam-supporting ISPs, like Qwest and Verio and anything in China or Brazil. Revoke all of their allocated IP space and give it to ISPs requesting new IP allocations, then redistribute the 69/8 IP addresses to Verio, Qwest, etc. That way no one will need to update their filters.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
One more crippling bombshell hit the already beleaguered Slashdot troll community when everybody confirmed that the troll community has dropped off the map yet again, now down to less than a fraction of 1 percent of their original creativity. Coming on the heels of a recent realization which plainly showed that trolls are retards, this news serves to reinforce what we've known all along. Trolls are not creative, educated, and is exemplified by repeated trolling attempts using the same old troll. You don't need to be a Psychologist to predict that the majority of trolls on the Slashdot website have no future. The crayon writing is on the wall: trolls face a bleak future. In fact there won't be any future at all for trolls unless they learn to be more creative. Things are looking very bad for trolls. As many of us are already aware, trolls continue to lose appeal.
The "*BSD is dying" trollers are the most endangered of them all, having lost 93% of its original amusement and creativity. The gradual and unpleasant repetition over a long time only serves to underscore the point more clearly. There can no longer be any doubt: trolls are retards.
Let's keep to the facts and look at the numbers.
All the good trolls have ditched Slashdot. Such figures as Signal_11 have gone away to leave the retard trolls behind. How many creative trolls are there? Let's see. The number of creative trolls is roughly nil. Therefore there are far more retards than creative trolls.
Due to the suckiness of trolls, abysmal creativity skills and so on, good trolls have left Slashdot and went to Kuro5hin.
Fact: Trolls are retards.
For 69.69.69.0/24????
Thats the C I want!
filthy kike
When I started working for the company I'm working for, whose name shall remain unpublished, there was a bit of funny going on with the ip addressing schemes of our various offices. Instead of fooling around with that silly private address space nonsense, they just went allocating /8 blocks devil-may-care, one for each office, and I'll just say there were more than ten of them. Oddest bit was, nobody really seemed to notice all that much, except for the few odd folks who'd try to visit their alma mater's website and met with frustration every time. 128/8 and 129/8 were mysteriously always unavailable.
So 69/8 is blacked out? Ah, big deal. At least the dba can get to Oracle's website now. 192/8 was an office with about 60 people, if you can believe that. Strange folks out there setting up networks. Shield your young.
69 hex = 105 decimal, and 69 decimal = 105 octal.
8 being for octal, and hexadecimal because it's cool.
You can't judge a book by the way it wears its hair.
Last year I had to rush over to a client to look at why they couldn't send email with their lawyers and, ironically, the firm I worked for (which was an on-going issue).
Turns out that a previous admin blocked all the "reserved" nets, including the 65/8 net which the lawyers and my firm were in.
Blocking these seems like a good idea, but it tends to get neglected and only causes problems in practice.
The 69/8 Networking Problem
[ The Internet ] Posted by timothy on Monday April 14, @09:26PM
from the modular-arithmetic dept.
jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."
( Read More... | 69 comments )
Still, I suppose if it is being NAT'd properly, it maybe ok, I guess [pained look].
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"The user forgot to cloak - it may not have been abuse by an op. Sorry to drdink for jumping the gun like that.
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
I WILL GIVE YOU MY REAL NAME!
My real name is John Klein and I am a 4th year computer science major at the University of Regina. I am the representative for the faculty of science at the University of Regina. My email address is kleinjoh@uregina.ca yes please email me at kleinjoh@uregina.ca because I want to enlarge my penis so that men may be impressed by it. I am from Queen City it is because I am a gay
My ICQ NUMBER IS 1850613
Apparently the 69.0.0.0/8 is enough of an issue that folks on that address space can't even read this article on slashdot.org.
Thanks,
Shawn M. Thomas
Information Technology Specialist
tr0llz-r-k3wl!!! Fukk-0ff-n-d13.
Tm
Support TBI Research: http://www.raisinhope.org
The problem isnt man reach exceeding his grasp, it's the fact that he doesn't really look at what he is grabbing.
"The saddest words of mice and men, are not those which were, but should have been."
ARIN, the organization responsible for the assignment of this address space, has stated that it is not required to ensure end-to-end visibility of said address space. This leaves the members with the tremendous tasks of locating, contacting, and educating every single network on the internet that is filtering this previously reserved space and requesting their operators update their filters.
While they're at it, it'd be nice to educate every single network on the internet about security and such. Or, maybe we need a new policy of "turning off" networks that don't conform to the rest of the internet's policies.
It's a huge undertaking. I don't envy them.
A programmer is a machine for converting coffee into code.
Why are you still referring to pieces of 8 ("/8")? Quarters are good enough, and they're so unique these days!
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
Have you ever had a IP address that you just couldn't get to, though you were positive that it was up and online?
So... you go over to a friend's (or for those who can , SSH to an alternate machine) and the IP is accessible. You know the site is available, so you spend a lot of time in the firewall settings, even opening the firewall entirely... but still no luck.
I had this problem with my ISP, and finally traced it to that 66.xx.xx.xx IP addresses were unreachable (including redhat.com, very annoying), but only when I was on a certain bank of dynamically assigned IP's. Releasing my IP and leaving the PC off overnight used to solve the problem.
For awhile, it was occuring after I got a dedicated IP as well. When I called my ISP on this, they told me to reboot my modem, let it sit off for about 15, and then restart. Try explaining to low-tier tech support about how downtime is bad when you run a server.
Luckily, all is fixed now, since I've moved to another city (same ISP, but no problems), but I wonder if this problem is related to base ISP-side filtering, or if anyone else has experienced it. At one time, I had a box with a non 66.xx.xx.xx IP and a box with a 66.xx.xx.xx IP and they couldn't even talk to each other properly, though both could get online without a problem!
Jon Lewis setup a nice utility to test if your network is affected by outdated filters.
http://69box.atlantic.net/
It includes a nifty traceroute utility that you can use to test with.
As a holder of space in the 69/8 range, I'll admit the problem is annoying, but thanks to people like Jon, and this posting on Slashdot, hopefully it will go away.
It was only recently that the 24/7 networking problem was solved, and now they've moved on to researching the 69/8 problem. Any progress on that could have huge ramifications.
His point was that in many applications, if you tell them to bind to "0.0.0.0", they map that to INADDR_ANY
"The 69/8 Networking Problem"
When I first read that, I thought 69/8 was a reference to my boss's sense of time. "To beat the competition, you must work 69 hours a day, 8 days a week!"
Man I hate crunch time.
The issue is that if you are blocking something as big as a /8 then you want to know for sure the status of that entire address space, and check it regularly.
Not OK unless you do double NAT + DNS translation[1], or use proxies, OR nobody on such a network will ever want to communicate with the site which is legitimately using that address.
Otherwise the gateway machines would get confused on which 69.x.x.x the packet wants to get to.
[1] If the network is badly screwed up, good luck finding enough reserved/unused network ranges for the swap tho. There are just so many reserved spaces to use.
I was originally going to propose this for 126/8, but this netblock seems more appropriate. ARIN should take 69/8 back and re-assign it specifically for the purpose of spammers and their hosting services. Make it illegal (like maybe a death penalty) for doing any spamming or hosting any spammers unless it's done from this block of address space.
now we need to go OSS in diesel cars
IANA has been handing out new netblocks from the previously-reserved ranges for a long time.
Why was this never a problem worthy of slashdot for any of the previous allocations?
Perhaps because they were not made to ARIN, so they only affected those pesky non-Americans?????
Assholes
We used to have a similar problem at my old work, where 64.0.0.0/8 was used as a test network. Unfortunately this address range was then assigned, which meant that several websites, notably Hotmail, where unaccessible. It was a right PITA and no-one seemed bothered about fixing it. Fortunately it did get fixed, when we renumbered our entire network. That was relatively painless, but then there were only about 100 boxen to renumber.
Would you buy a used IPv6 from these guys? They've already wasted 48% of IPv4 addresses in the bogon lists (:-)
Andrew Yeomans
Some countries only get a sinle /24 network. The IPv4 space is full of huge differences in per capita allocations. There are tons of cases where huge corporations and universities have hundreds or thousands of times more unused addresses than used addresses. IPv4 routing tables would get unmanageable if you tried finer grained allocation, but there is little objective reason why MIT needs 16 million public IP addresses. When you have several hundred IP addresses per person, it's no wonder the MIT Media Lab comes up with ideas like IP-enabled tennis shoes.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
wow, 129/8 is where I go to school, that's pretty funny.
Oh, and whoever set up your network is a moron.
--Nuintari
slashdot : where an opinion can be wrong.
Boy, can I relate to this. My company recently aquired an office which is set up using 202.202.202.0/24. Then They're NATing it for internet access. Apparently someone know enough to use NAT, but didn't know to use RFC1918 addresses. Thankfully, we're going to be re-numbering this office soon. As luck would have it, they're the biggest whiners about the shortest amount of downtime so it's been a pain trying to get them to let us change it. I mean, is 10 minutes of downtime at 3am on a Sunday all that bad?
/8s.. course, most of the people around here don't even understand that anything but /24s exist.
At least they didn't dole out
There are a LOT of schools in the 128/8 block from what I remember. Cornell is in there with 128.253/16 and one or two others, and IIRC both CMU and Univ. of Buffalo are 128s.
retrorocket.o not found, launch anyway?