Time to add 2002::/16 to bogon filters?
On 2018-07-09 18:10, valdis.kletnieks at vt.edu wrote:
> On Mon, 09 Jul 2018 15:21:31 +0200, "Fabien VINCENT (NaNOG)" said:
>
>> I think it's still used a bit ? I see today announcements over the
>> following OriginAS over more than 2000 peers.
>>
>> as1103 SURFnet bv
>> as1835 Forskningsnettet - Danish network for Research and Education
>> as2847 Kauno technologijos universitetas
>> as6939 HURRICANE
>> as16150 Availo Networks AB
>> as25192 CZ.NIC, z.s.p.o.
>> as28908 A3 Sverige AB
>
> Announced and used are two different things.. :)
>
> sudo tcpdump -ni any 'net 2002::/16'
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
> 15:10:59.588097 IP6 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413 > 2001:470:1f12:dead::beef.51413: UDP, length 94
> 15:10:59.588233 IP6 2001:470:1f12:dead::beef.51413 > 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413: UDP, length 365
I'm pretty sure that 2002: address is (a) *your* end of the tunnel and
(b) only visible inside your network and *inside* the HE tunnel to the
other end.

In other words, it shouldn't be seen out on the public net if it's
transiting an HE tunnel. I bet if you changed that '-i any' to '-i wlan'
(for whatever your router calls the outbound-facing interface) you won't
see traffic on 2002:

You're right, it does need to be public to work ;) So my question is why
it is still and it was announced on DFZ?

Regards,
--
FABIEN VINCENT
_ at beufanet_
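
An added example, not part of the original thread: one way to check whether 2002::/16 is actually in use before filtering it is to run saved `tcpdump -n` text from the outbound-facing interface through a small script that picks out packets with a 6to4 source or destination and recovers the IPv4 address embedded in each. The function names and the sample capture (documentation prefixes only) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")
# Matches the "IP6 src.port > dst.port:" part of a tcpdump -n line.
LINE_RE = re.compile(r"IP6 ([0-9a-fA-F:]+)\.\d+ > ([0-9a-fA-F:]+)\.\d+:")

# Constructed sample capture (documentation prefixes), tcpdump -n layout.
SAMPLE = """\
10:00:00.000001 IP6 2002:c000:204:0:1::1.51413 > 2001:db8:1::beef.51413: UDP, length 94
10:00:00.000200 IP6 2001:db8:1::beef.51413 > 2002:c000:204:0:1::1.51413: UDP, length 365
10:00:01.000000 IP6 2001:db8:2::1.443 > 2001:db8:1::beef.40000: Flags [S], length 0
10:00:02.000000 IP6 2002:c633:6407::1.123 > 2001:db8:1::beef.123: UDP, length 48
"""


def sixtofour_hits(capture_text):
    """Return (direction, 6to4 address, embedded IPv4) for each 2002::/16 endpoint."""
    hits = []
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv6 packet line (banner, IPv4, ARP, ...)
        for direction, text in (("src", m.group(1)), ("dst", m.group(2))):
            try:
                addr = ipaddress.IPv6Address(text)
            except ipaddress.AddressValueError:
                continue  # truncated or malformed address in the capture text
            if addr in SIXTOFOUR:
                # .sixtofour decodes bits 16..47, the IPv4 address of the 6to4 router
                hits.append((direction, str(addr), str(addr.sixtofour)))
    return hits


def summarize(capture_text):
    """Count 6to4 packet endpoints per embedded IPv4 address."""
    return Counter(v4 for _, _, v4 in sixtofour_hits(capture_text))


if __name__ == "__main__":
    for v4, count in summarize(SAMPLE).most_common():
        print(f"{v4}: {count} packet(s) with a 2002::/16 endpoint")
```

An empty result on the outbound interface, compared with hits on `-i any`, matches the point made in the thread about traffic that is only visible inside the tunnel.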