[Dshield] Stumped by 238.7.6.6

John Sage jsage at finchhaven.com
Mon Jun 17 17:10:43 GMT 2002


Several thoughts:

On Mon, Jun 17, 2002 at 08:46:21AM -0700, Grant Thurman wrote:
> Sorry the last email got away before I was done:
> 
> I have some idiot at 238.7.6.6 (Internet Assigned Numbers Authority) which
> resolves to IANA which ends up at RIPE DBM, they (IANA) will do nothing to
> help, attacking my mail server every second on IGMP, the firewall is
> blocking OK but the logs are huge and it is just a pain. Does anyone know
> how to get IANA to answer an email to find out who they gave the IP to so I
> can get them to stop?? I am about ready to make a phone call to the

First: IANA is a super-registry, not an ISP, and they are not
responsible in any way for the _use_ of any of the address space they
administer.

Second: this address space in particular, as someone else has already
pointed out, is a generic multicast address space:

224-239/8  IANA  -  Multicast  Sep 81

and thus is available to anyone to use..


I'm sorry, but your demanding that they "do something about this" will
probably only result in them thinking you're the "idiot", as you put it...


Two thoughts:

1) Stop logging IGMP.

Why are you logging it in the first place? I can't (OK: quickly..)
think of any reason for you to be accepting it from the outside world
at large..

2) Drop all packets sourced from _all_ the private/multicast IP address
space at your point of ingress.

Almost by definition, any such addresses are either bogus or malign
anyway.



Finally, not to pick, but cc:'ing _all_ these people at RIPE just
expands the universe of people who are likely to be laughing at your
expense.

Cc: ripe-dbm at ripe.net, roderik at ripe.net, joao at ripe.net, andrei at ripe.net,
	engin at ripe.net, shane at ripe.net, magnus at ripe.net, denis at ripe.net,
	nicdb at ripe.net

Note: I deleted this cc: list when I responded to your dshield post...


- John
-- 
"You are in a little maze of twisty passages, all different."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 




More information about the list mailing list