[Dshield] Stumped by 238.7.6.6

Ken Risdon krisdon at westpeak.com
Mon Jun 17 16:28:17 GMT 2002


Grant -

I believe the address block 224.0.0.0 - 239.255.255.255 is a Class D
reserved block.  Similar to 10.x.x.x is a reserved class A block.  Usable by
anyone and not assignable.  This block is reserved for multi-casting
applications (i.e video and audio).

You might want to sniff your network to see if anyone was playing with
multi-cast applications (IGMP packets).  If it is not coming from within
your own network, have your provider block IGMP packets.

Hope this helps.

Ken Risdon 
Systems / Network Administrator 

Westpeak Global Advisors
1470 Walnut Street
Boulder, Colorado  80302
303-544-7232
303-544-7207 (fax)
krisdon at westpeak.com
http://www.westpeak.com

----------------------------------------------------------------------------
------------------------------
The information in this e-mail is confidential and is solely for the
addressee. 
If you are not the intended recipient, please delete this email. 
Unauthorized reproduction or use of information in this e-mail is
prohibited. 
----------------------------------------------------------------------------
------------------------------


-----Original Message-----
From: Grant Thurman [mailto:Grant at Netprecision.Net]
Sent: Monday, June 17, 2002 9:46 AM
To: list at dshield.org
Cc: ripe-dbm at ripe.net; ripe-dbm at ripe.net; roderik at ripe.net;
joao at ripe.net; andrei at ripe.net; engin at ripe.net; shane at ripe.net;
magnus at ripe.net; denis at ripe.net; nicdb at ripe.net
Subject: [Dshield] Stumped by 238.7.6.6
Importance: High


Sorry the last email got away before I was done:

I have some idiot at 238.7.6.6 (Internet Assigned Numbers Authority) which
resolves to IANA which ends up at RIPE DBM, they (IANA) will do nothing to
help, attacking my mail server every second on IGMP, the firewall is
blocking OK but the logs are huge and it is just a pain. Does anyone know
how to get IANA to answer an email to find out who they gave the IP to so I
can get them to stop?? I am about ready to make a phone call to the
Authorities in The Kingdom of the Netherlands and pusue criminal action.


inetnum:      224.0.0.0 - 239.255.255.255
netname:      IANA-DBLK
descr:        Whole Class D address space
country:      NL
admin-c:      RD132-RIPE
tech-c:       RD132-RIPE
status:       ALLOCATED UNSPECIFIED
remarks:      Country is really worldwide
remarks:      This address space is assigned at various other places in
remarks:      the world and might therefore not be in the RIPE database.
mnt-by:       RIPE-NCC-MNT
mnt-lower:    RIPE-NCC-MNT
changed:      ripe-dbm at ripe.net 20000802
source:       RIPE

role:         RIPE DBM
address:      Singel 258
address:      NL-1016 AB  Amsterdam
address:      Kingdom of the Netherlands
e-mail:       ripe-dbm at ripe.net
remarks:      RIPE Database Administration
trouble:      Documentation: http://www.ripe.net/ripe/docs/database.html
trouble:      FAQ: http://www.ripe.net/faq/database/index.html
trouble:      Questions and problem reports ... mailto:ripe-dbm at ripe.net
trouble:      spam, abuse reports .....  mailto:nicdb at ripe.net
admin-c:      JLSD1-RIPE
admin-c:      AMR68-RIPE
tech-c:       EG792-RIPE
tech-c:       SK15964-RIPE
tech-c:       MPK-RIPE
tech-c:       DW6465-RIPE
tech-c:       CB7777-RIPE
nic-hdl:      RD132-RIPE
mnt-by:       RIPE-DBM-MNT
changed:      ripe-dbm at ripe.net 19970115
changed:      ripe-dbm at ripe.net 19970923
changed:      ripe-dbm at ripe.net 19980211
changed:      ripe-dbm at ripe.net 19990118
changed:      ripe-dbm at ripe.net 19990727
changed:      ripe-dbm at ripe.net 19990909
changed:      ripe-dbm at ripe.net 20000101
changed:      ripe-dbm at ripe.net 20010717
changed:      ripe-dbm at ripe.net 20010810
source:       RIPE

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list