Hello all,
I've been working on creating bogon ip filtering system in order to stop
some of the dangerous activity that I've seen ip blocks not listed in
whois used for and now have first "milestone" to report. A complete
list of unallocated (bogon) ip space collected based on whois data from
all RIRs is now ready for your use. For more info, please see
http://www.completewhois.com/bogons/
and for the actual bogon ips lists see
http://www.completewhois.com/bogons/bogonips_lists.htm
This data is updated daily based on current whois data by two of our servers
and results compared to make sure its the same on both server before final
updates are made to public. Majority of the data comes from whois where
We've written scripts that examine RIR bulk whois data and produce info on
used and unused space based on that. Those who want "raw" data and create
list of only certain /8 blocks can also get all the files
http://www.completewhois.com/bogons/data/ directory
We also have dns-based service running at bogons.dnsiplists.completewhois.com
that can be used if any ip is allocated by RIR or not, this is used the same
way as similar rbl servers used for email servers and has been used by about
10 beta tests for the last 30 days without any problems. For more info see
http://www.completewhois.com/bogons/bogons_usage.htm
The lists in current form are too large to be used directly on the routers
as ACLs so next steps to fully deal with it in my view is to simply not
accept such routes from peers and customers in the first place. Since
many use RPSL route databases (whois.radb.net and similar), I'm working on
such database for bogons as well, but actual RPSL filtering does not work
because again ip lists are too large to be added all into one filter.
I therefore need your help in deciding how to best present the lists in
RPSL database that others could use with minimum modifications of existing
software ISPs have. I've setup separate mail list at
http://www.completewhois.com/mailman/listinfo/bogons
(or email to bogons-subscribe@completewhois.com)
to talk about this and would like some of your who are experts in RPSL
routing database and its use to help me develop this and test it. The
work will be done after NANOG & ARIN meeting, so I might make another
call for volunteers after the conferences.
Another way would be creating route server in provide list in BGP form,
if you would like to signup to beta-test it when this is ready (end of
November most likely), please let me know as well, including your ASN.
I did try to get specific ASN assigned by ARIN for use for such service
(also I suspect this would be usefull for RPSL server to tie all lists
together), but ARIN ufnortunetly said such ASN can not be assigned as it
would not be used for multihoming. I'll try again provided they pass
experimental resource allocation policy, but otherwise if there is
somebody here from some RIPE LIR who would like to sponsor me there under
RIPE's experimental resource policies, please let me know.
Finally below are the results of comparing bogon ip lists to active bgp table
as seen at Oregon University Route Views. As you might expect this looks
similar to what cidr-report posts every week but includes several additional
routes as well (and the problem is really bad for APNIC blocks, is anybody
at Telstra actually listining?). This file of active bogons is updated daily
and available at http://www.completewhois.com/bogons/active_bogons.htm