[apops] Updates - Ingress Prefix Filter Templates

  • To: <bgreene at cisco dot com>
  • Subject: [apops] Updates - Ingress Prefix Filter Templates
  • From: "Barry Raveendran Greene" <bgreene at cisco dot com>
  • Date: Mon, 9 Dec 2002 08:17:22 -0800
  • Importance: Normal
  • List-archive: <http://www.apnic.net/mailing-lists/apops/>
  • List-id: Asia Pacific Operations Forum <apops.apops.net>
  • Organization: Cisco Systems
  • Reply-to: <bgreene@cisco.com>
  • Sender: apops-admin@apops.net
      
      Hello Everyone,
      
      I've pushed out new versions of the ingress prefix templates. Had a
      really good peer review of the list by Steve Gill. He is working on the
      Junos-flavored template. This review resulted in some nice tweaks and
      additions to the list. You can download the templates from:
      
      ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/
      
      Here are the changes with version 1.11
      
      + Changes J-Root:
      
      J.ROOT-SERVERS.NET.     192.58.128.0/24 
      
      + Added 82.0.0.0/8 for the new RIPE-NCC allocation.
      
      + Added a deny for 240.0.0.0/4 le 32 and changed 224.0.0.0/3 le 32 to
      224.0.0.0/4 le 32.
      
      + Matching and adding more DNS G-TLD servers from:
      
      	http://www.qorbit.net/documents/golden-networks
      
      We need help refining the more specifics for the G-TLDs (see below). I
      see /16s, /18s, and other big prefixes in the list. These big prefixes
      worry me. It could mean that root server administrators are not thinking
      through the impact of a more specific prefix hijack and stacking several
      critical servers on one segment. So, if people have the time and the
      knowledge of the more specifics, please let me know. 
      
      Thanks,
      
      Barry
      
      
      aero             | dns7.denic.de.       | 194.246.96.0/24 
      aero             | merapi.switch.ch.    | 130.59.0.0/16   
      aero             | ns3.knipp.de.        | 194.64.105.0/24 
      aero             | tld1.nominum.com.    | 198.133.199.0/24
      aero             | tld2.nominum.com.    | 192.100.59.0/24 
      biz              | a.gtld.biz.          | 209.173.53.0/24 
      biz              | b.gtld.biz.          | 209.173.57.0/24 
      biz              | c.gtld.biz.          | 209.173.60.0/24 
      biz              | d.gtld.biz.          | 213.86.0.0/16   
      biz              | e.gtld.biz.          | 209.173.58.0/24 
      biz              | f.gtld.biz.          | 209.173.58.0/24 
      coop             | ns1.nic.coop.        | 198.133.199.0/24
      coop             | ns2.nic.coop.        | 192.100.59.0/24 
      gov edu          | a3.nstld.com.        | 192.5.6.0/24    
      gov edu          | b3.nstld.com.        | 192.33.14.0/24  
      gov edu          | c3.nstld.com.        | 192.26.92.0/24  
      gov edu          | d3.nstld.com.        | 192.31.80.0/24  
      gov edu          | e3.nstld.com.        | 192.12.94.0/24  
      gov edu          | f3.nstld.com.        | 192.35.51.0/24  
      gov edu          | g3.nstld.com.        | 192.42.93.0/24  
      gov edu          | l3.nstld.com.        | 192.41.162.0/24 
      gov edu          | m3.nstld.com.        | 192.55.83.0/24  
      info             | tld1.ultradns.net.   | 204.74.112.0/24 
      info             | tld2.ultradns.net.   | 204.74.113.0/24 
      int              | ns.isi.edu.          | 128.9.0.0/16    
      int              | ns.uu.net.           | 137.39.0.0/16   
      int              | ns0.ja.net.          | 128.86.0.0/16   
      int              | ns0.ja.net.          | 193.60.0.0/14   
      int              | ns1.cs.ucl.ac.uk.    | 128.16.0.0/16   
      int museum       | ns.icann.org.        | 192.0.34.0/24   
      mil              | con1.nipr.mil.       | 199.252.128.0/18
      mil              | con2.nipr.mil.       | 199.252.128.0/18
      mil              | eur1.nipr.mil.       | 199.252.154.0/24
      mil              | eur2.nipr.mil.       | 199.252.128.0/18
      mil              | pac1.nipr.mil.       | 199.252.180.0/24
      mil              | pac2.nipr.mil.       | 199.252.155.0/24
      museum           | dns1.getty.edu.      | 153.10.0.0/16   
      museum           | nic.icom.org.        | 195.7.64.0/19   
      museum           | nic.museum.          | 130.242.0.0/15  
      museum           | ns-ext.vix.com.      | 204.152.184.0/21
      name             | a10.nstld.com.       | 192.5.6.0/24    
      name             | f10.nstld.com.       | 192.35.51.0/24  
      name             | g10.nstld.com.       | 192.42.93.0/24  
      name             | l10.nstld.com.       | 192.41.162.0/24 
      name             | ns1.nic.name.        | 193.109.220.0/24
      name             | ns3.nic.name.        | 202.71.192.0/18 
      pro              | a.iana-servers.net.  | 192.0.34.0/24   
      pro              | b.iana-servers.net.  | 193.0.0.0/21
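
The following Python sketch is an added example, not part of the original message or of the templates. It checks an excerpt of the list above for the two conditions the message raises: prefixes shorter than /24 and several servers sitting behind one prefix. The /24 threshold and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Excerpt of rows copied from the G-TLD list in the message above.
ROWS = """\
aero   | merapi.switch.ch. | 130.59.0.0/16
biz    | a.gtld.biz.       | 209.173.53.0/24
biz    | e.gtld.biz.       | 209.173.58.0/24
biz    | f.gtld.biz.       | 209.173.58.0/24
int    | ns0.ja.net.       | 193.60.0.0/14
mil    | con1.nipr.mil.    | 199.252.128.0/18
mil    | con2.nipr.mil.    | 199.252.128.0/18
mil    | eur1.nipr.mil.    | 199.252.154.0/24
mil    | eur2.nipr.mil.    | 199.252.128.0/18
museum | ns-ext.vix.com.   | 204.152.184.0/21
"""

# Assumption: /24 is the target length for a "more specific" entry.
TARGET_LEN = 24


def parse(text):
    """Turn 'tlds | server | prefix' rows into (tlds, server, network) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tlds, server, prefix = (field.strip() for field in line.split("|"))
        # strict=True rejects a prefix with host bits set (a typo in the list).
        entries.append((tlds.split(), server, ipaddress.ip_network(prefix, strict=True)))
    return entries


def audit(entries):
    """Return (broad, shared): prefixes shorter than /24, and prefixes
    that carry more than one listed server."""
    servers_by_prefix = defaultdict(set)
    for _tlds, server, net in entries:
        servers_by_prefix[net].add(server)
    broad = sorted(n for n in servers_by_prefix if n.prefixlen < TARGET_LEN)
    shared = {n: sorted(s) for n, s in servers_by_prefix.items() if len(s) > 1}
    return broad, shared


def count_target_subnets(net):
    """How many /24s the listed prefix contains (0 if already /24 or longer)."""
    return 2 ** (TARGET_LEN - net.prefixlen) if net.prefixlen < TARGET_LEN else 0
```

For each prefix in `broad`, `count_target_subnets` shows how many /24s the listed entry spans, which is the gap a refined more-specific entry would close.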