Has anyone tried to trace to Register.com's main page yet? I
haven't been able to hit it, and when I try to trace down to them I end up
hitting a 10.0.30.x network, then go back to public IP's...how is that
possible?
Anyone else having trouble connecting to them?
Happy Monday! (still)
Ralph M. Los
Asst. Vice-President, Internet Systems and Security
EnvestNetPMC rlos@envestnet.com
(312) 827-3945 (direct)
(312) 296-9003 (wireless w/voicemail)
* If you haven't been hacked, you don't know where your vulnerabilities lie*
I believe Register.com (or any for that matter) has the right to use
internal address space where ever they want. The fact that internal address
space is showing in a traceroute between you and them might mean a wide
range of things.
In this case, Register.com 'might' be using internal address space on
some(all) of their WAN links.
You <-> Internet <-> Company A Router <-> WAN Link (internal IP space) <->
Company A Router <-> Web Servers
Whether or not people should used RFC reserved IP space for WAN links is not
a discussion I wish to have.
Oh Gawd. Not this again! That is because someone who doesn't care about
PMTU working end-to-end has used RFC1918 addresses on WAN links inside
their network.
And they'll defend to the death their right to do it.
It's the sort of mindset you usually find in religious cults - and we
know how hard it is to deprogram cult members - so let's let that issue be
and not start another flame war...
RFC 1918 space is very commonly used (although it should be almost
universal by now) between the public internet and the final destination
[also public] space. Simple resource conservation.
As for "How", remember that private space is no different from public
space, except for the "gentlemans agreement" we all have not to route it
externally. For use as transit networks, private space _almost always_ a
Good Idea.
As for "How", remember that private space is no different from public
space, except for the "gentlemans agreement" we all have not to route it
externally. For use as transit networks, private space _almost always_ a
Good Idea.
Umm, it's socially irresponsible.
Traceroutes through RFC-1918 space are worthless. My reverse lookups don't
work for your private addresses meaning that I have no idea who's network is
eating the packets.
Even worse is when they overlap with a local set. Traceroutes through local
10.0.0.0 into ISP 10.0.0.0 are extraordinarily confusing when ISP-B's routers
are showing up as RTR-x.local.net. What fun figuring out why there's a router
loop through my first hop after it's already left that network.
Also a blast trying to decipher ICMP errors like host unreachable and Frag
Req'd messages that appear to orignate from nowhere in particular.
You should also be ingress/egress filtering packets with these addresses. That
means no traceroutes, no path MTU discovery, no errors, no nothing. If you or
your peers aren't having problems, then you aren't filtering.
It's anti-clever to use RFC 1918 space on public networks. I'm sorry that it's
too much work to use valid addresses on your network but please don't try to
pass it off as being good behavior.
