Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The 69/8 Networking Problem

timothy posted more than 11 years ago | from the modular-arithmetic dept.

The Internet 185

jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."

cancel ×

185 comments

Sorry! There are no comments related to the filter you selected.

heh (3, Funny)

ergonal (609484) | more than 11 years ago | (#5732808)

Wine me, dine me, 69/8 me!

heh! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732842)

Go fuck yourself

Re:heh (4, Funny)

_ph1ux_ (216706) | more than 11 years ago | (#5733030)

no no no - we're talking about networks here buddy. So its:

Ping me, finger me, 69/8 me!

neat math thing (1)

SHEENmaster (581283) | more than 11 years ago | (#5733081)

69 hex = 105 decimal, and 69 decimal = 105 octal.

8 being for octal, and hexadecimal because it's cool.

Re:neat math thing (1, Funny)

lostchicken (226656) | more than 11 years ago | (#5733148)

Why is Christmas like Halloween?

25 DEC = 31 OCT

ATTENTION! I AM SASKBOY (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733183)

jwbozzy (-1, Troll)

Neuropol (665537) | more than 11 years ago | (#5732810)

is an irc banning bitch. suck it you fag!

zed (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732823)

fucks the eye sockets of goats! FUCK THAT SKULL!

Re:jwbozzy (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732828)

nigger

Re:cunt (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732854)

cunt

Re:cunt (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732866)

kunt

Re:cunt (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732878)

you meat curtain

Re:cunt (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732905)

you nut cracker.

Re:hmmm (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732927)

touch hole lover

Re:hmmm (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5732952)

You repugnant shitcake. Go polish off another bucket of feces.

Re:hmmm (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732994)

at your next bukkake session please guzzle the glass of cum.

Re:hmmm (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733067)

filthy kike

Re:jwbozzy (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5732929)

Oh, Neuropol. You'll never change. Always the same annoying ass-fucking retard. Why don't you go back to licking the shit out of unflushed toilets at McDonalds? You are worthless, and nobody wants you around. Just go die in a dumpster.

Re:jwbozzy (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732963)

you should just go back to crossdressing, you'll never make it as a man. sorry. insightful comment though. Licking toilet bowls is quite original. fuck you. die. before you do, lick my nuts.

Re:jwbozzy (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732982)

Microsoft wants you to help them crash their new server to test Windows 2003. Its IP address is 65.19.78.147.

Re:jwbozzy (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733025)

go ahead. make my day.

Re:jwbozzy (-1)

Vladinator (29743) | more than 11 years ago | (#5733122)

Nice. Remeber folks - if you want your IP address broadcast all over slashdot, just log into any SlashNET irc server - the ops there like jwbozzy and drdink will FUCK YOU just like they did my friend here. Cloaking my ass.

Retraction: (-1)

Vladinator (29743) | more than 11 years ago | (#5733154)

The user forgot to cloak - it may not have been abuse by an op. Sorry to drdink for jumping the gun like that.

Devalued IP Space? (4, Insightful)

numbski (515011) | more than 11 years ago | (#5732812)

I'm just looking over this, since I'm looking to purchase some IP's from my upstream provider. It seems to be that these IP's are somewhat devalued since areas of the net have blacklisted them.

Sort of like a tarnished credit record I guess. This IP's won't be of the greatest value for a few years until the rest of the net catches up.

The IP's would be for home broadband use too. I'll be personally avoiding that IP range. :(

Re:Devalued IP Space? (2, Interesting)

Sandman1971 (516283) | more than 11 years ago | (#5732845)

You can't purchase IPs anymore. All IPs are now RENTED from the ISP in question. With routing protocols the way they are, there are very few portable classes available, and those are grandfathered. You can no longer buy a class and expect to keep it if you change providers. The IPs belong to the ISP/provider. All you're doing is renting them.

This is a good thing (tm) (0)

Anonymous Coward | more than 11 years ago | (#5732917)

Maybe providers will see that if their users are Internet dickheads (ie. DoSing, sending spam, etc) their IPs will be blacklisted and therefore less valuable.

Sort of like wanted good people to rent your house so they don't screw it up.

Re:This is a good thing (tm) (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732973)

this has nothing to do with the article or what he said you clueless dumbfuck.

RTFA before you open your AC mouth.

Re:Devalued IP Space? (0)

Anonymous Coward | more than 11 years ago | (#5732979)

if you're big enough you can still get space directly from arin. that space is portable accross isp's.

Re:Devalued IP Space? (1)

Black Copter Control (464012) | more than 11 years ago | (#5733052)

if you're big enough you can still get space directly from arin. that space is portable accross isp's.

If you're big enough to get address space directly from ARIN, chances are that you are an ISP.

Re:Devalued IP Space? (2, Insightful)

Binestar (28861) | more than 11 years ago | (#5733057)

You can get your own IPs directly from ARIN. But I guess others know that too because you were modded to 5 when I started writing this post, and when I posted it you were back to 4. There really needs to be a "-1 incorrect information" moderation.

Re:Devalued IP Space? (4, Interesting)

Sandman1971 (516283) | more than 11 years ago | (#5733073)

Sure you can. But you also have to remember that most backbone providers will not accept BGP advertisements smaller than /19 (32 Class Bs). To get that kind of range at Arin, you have to prove something like 75% utilisation now, and up to 100% utilisation within 3 months. So unless you're an ISP/backbone/server/web farm or a big company, you'll have a tough time proving you need 8 class Bs.

Re:Devalued IP Space? (1)

Sandman1971 (516283) | more than 11 years ago | (#5733088)

I forgot to add:

That is, unless you don't mind not being routed by more than half the backbones on the Internet, since most only accept /19 or bigger BGP advertisements.

And yes, I do know what I'm talking about, being an ex-WAN Admin and current syusadmin for a big national backbone provider.

Re:Devalued IP Space? (1)

Cramer (69040) | more than 11 years ago | (#5733252)

While that used to be true -- Sprint wouldn't accept anything longer than /19 because their routers didn't have the memory for it, it's not true anymore as modern routers can hold a great deal of memory. The generally accepted rule is not to do BGP for anything less than a /24. Anything less than /20 is not guaranteed to be globally routable but generally is.

As I point out to (stupid) customers: Anything smaller than a /20 may not be globally routable; Do not complain to me if there are places on the net to which you cannot connect.

And point-of-fact, the BGP routing spew from SAVVIS has things as small as /29's in it. *sigh*

Re:Devalued IP Space? (1)

Sandman1971 (516283) | more than 11 years ago | (#5733114)

So unless you're an ISP/backbone/server/web farm or a big company, you'll have a tough time proving you need 8 class Bs

Sorry, I meant 32 class Bs, not 8.

Re:Devalued IP Space? (1)

Thundar (29149) | more than 11 years ago | (#5733166)

I actually thought you meant class C's. But hey maybe someone changed the classes from B being a /16 to it being a /24 and I missed the memo...

Re:Devalued IP Space? (1)

Sandman1971 (516283) | more than 11 years ago | (#5733275)

Yeah, I meant class Cs, not class Bs Note to self: Don't post when suffering from lack of sleep.

Re:Devalued IP Space? (1)

Feyr (449684) | more than 11 years ago | (#5733093)

here we do have a few of our classes directly assigned to us, and some others are rented from the upstream. long assigned to us tho :P

offtopic, how would i go about getting those ip rerouted (if we ever decided to move to another upstream), the "portable" ones i mean :P

what makes this one so important? (0)

melloncollienet (578769) | more than 11 years ago | (#5732819)

... that'll be like the 82/8 problem as well then. Some damn quest router drops my traffic to dilbert.com.

just in case... (3, Informative)

Anonymous Coward | more than 11 years ago | (#5732822)

mirror [no-ip.com]

Re:just in case... (1)

jaredmauch (633928) | more than 11 years ago | (#5732858)

puck is handling the load quite nicely, but thanks for the offer. make sure you check out the atlantic.net split-screen traceroute tool. It's quite cool.

Lets go NANOG force! (0)

Anonymous Coward | more than 11 years ago | (#5732825)

We're all hopped up on sleeping pills and subnet calculations!

I have a 69/8 address (5, Interesting)

DetrimentalFiend (233753) | more than 11 years ago | (#5732827)

...and although most places have finally gotten their act together, this is still a bit of a problem for us. Our ISP has been working quite hard to get people to update their filters (the ISP was one of the first to get addresses in this space), but it's still a bit of a problem. Hopefully being on the front page of slashdot will help the problem some.

Re:I have a 69/8 address (1)

oaf357 (661305) | more than 11 years ago | (#5733278)

I feel your pain. I too have had similar problems (not with 69/8). It is a massive pain to explain to people that the security measures they've been using for so long are no good. It's a true pain.

Roll on IPv6 (5, Interesting)

The Real Chrisjc (576622) | more than 11 years ago | (#5732831)

I would love everything to be IPv6 now, but it ain't gonna happen for atleast 10 years I think. Even new equipment hasn't got IPv6 :(
That would solve problems like this, and create lots of lovely new ones :/

If only the world was perfect eh?

Re:Roll on IPv6 (1, Interesting)

Anonymous Coward | more than 11 years ago | (#5732925)

>That would solve problems like this

no, it wouldn't. unallocated ip's are still going to be acl'd out as illegal sources until such time as they are allocated regardless of ipv6 vs ipv4.

Re:Roll on IPv6 (4, Informative)

silas_moeckel (234313) | more than 11 years ago | (#5732955)

Your not going to see IPV6 untill they figure out how to bill for multicast traffic as it's REQUIRED to work inside IPv6 not optional like under v4. This is a HUGE problem in implementing it as you cant bill for it rationaly. How much sould it cost are home users going to be billed per megabit leaving there ISP? If multicast works lots of the current issues with the net can go away think bit torrent is fast think about file send loops via multicast just join as many as you have bandwith to receive. All of the routers etc etc out there have supported IPv6 for a long time I cant say that people are realy familiar with it but it could be made to work but you NEED to be able to fit a billing plan around it before any of the big guys are going ot make it work world wide.

Re:Roll on IPv6 (0, Flamebait)

Wesley Felter (138342) | more than 11 years ago | (#5733160)

Nothing is really required; after all, there's no "IETF police" that can punish ISPs that don't support multicast.

Re:Roll on IPv6 (5, Insightful)

rusty0101 (565565) | more than 11 years ago | (#5733014)

What new equipment does not support IPv6?

BSD, Linux, MacOS X, and Windows XP, all have support for IPv6 in their network stack. Current Cisco IOS supports IPv6.

There are some applications that go too far into the network stack to properly support IPv6, but those are applications.

The main stumbling block to IPv6 that I see right now is that very few network people in the US know how to use it. Outside of the US, both in Europe and Asia, IPv6 is being deployed fairly widely, as they do not have the IPv4 address space availabable and allocated to make use of it except in servers and routers.

As there are several gateways available, to allow IPv6 clients to access IPv4 servers, I suspect that the demand upone US providers to start supporting IPv6 devices is going to be long in comming.

With 10 devices in my house that support IP, (live at the moment, several others not currently powered up) I would exceed the available IP addresses my ISP account allows. As a result I am effectively forced to use NAT and private IP address space, even if my ISP would rather I did not. On top of that I don't want to keep a bunch of systems widely available to script kiddies. IPv6 would not solve that problem.

Then again, that's probably just all opinion on my part.

-Rusty

Re:Roll on IPv6 (1)

Klaruz (734) | more than 11 years ago | (#5733037)

The main stumbling block to IPv6 that I see right now is that very few network people in the US know how to use it. Outside of the US, both in Europe and Asia, IPv6 is being deployed fairly widely, as they do not have the IPv4 address space availabable and allocated to make use of it except in servers and routers.

Yet another reason the US tech sector is going to fall behind in the comming years. Between complacency and greed, we're done for. I gotta move.

Not surprising (4, Interesting)

Anonymous Coward | more than 11 years ago | (#5732837)

Frankly this isn't a big surprise. If IANA gave up another previously reserved netblock like 0.0.0.0/8, 96.0.0.0/4, 112.0.0.0/5, 120.0.0.0/6, 124.0.0.0/7, 126.0.0.0/8 or the plethora of other reserved netblocks then they should expect peeps to still have them blacklisted in their personal ACLs. This is only common sense. This isn't exactly news. IANA should have been very forthcoming and gone public with the fact that a previously reserved netblock was no longer reserved PRIOR to selling parts of it. How else would they expect admins like myself to know about the change?

Re:Not surprising (1)

Wild Wizard (309461) | more than 11 years ago | (#5732850)

0.0.0.0/8 will always be reserved, do the math to see why

Re:Not surprising (1)

Pharmboy (216950) | more than 11 years ago | (#5732991)

now, speaking as someone who doesn't really know shit about this....

isn't 0.0.0.0 used locally to mean localhost's *.*.*.*? I thought linux services set to 0.0.0.0 just assumed to listen to all IP's on that machine?

Just curious about this. about to jump up a big notch on the network, and actually need to learn more than I will.

Re:Not surprising (4, Informative)

lucifuge31337 (529072) | more than 11 years ago | (#5733393)

0.0.0.0/1 means any address between 0.0.0.1 and 255.255.255.254. 0.0.0.0/8 is much different, meaning any address between 0.0.0.1 and 0.255.255.254. So, basically what I'm saying is that it can mean "all IP addresses (in IPv4 space)" or it can denote a smaller subset of addresses beginning at 0.0.0.1, depending on what subnet mask is applied to it.

The "problem" with using blocks like that are not technical....just like using addresses ending in .0 as valid IP space is also not a problem in the right network blocks.....it's broken sysadmin's understaning of IP that causes issues.

Oh...and there that nasty problem of certian addresses lying on bondaries that cause routers that don't properly understand classless routing to choke, but honestly...how many edge device could possibly be out there that are that dated to still have that problem? At least how many that are in a backbone situation where their being broken would actually effect more than 10 people?

Re:Not surprising (5, Informative)

Wild Wizard (309461) | more than 11 years ago | (#5733428)

handy link on 0.0.0.0 [zvon.org]

Re:Not surprising (4, Insightful)

gclef (96311) | more than 11 years ago | (#5732893)

ARIN did notify the public. ARIN, RIPE, APNIC, etc are often announcing allocations to groups like NANOG. I don't see how much louder they could be. If you're filtering based on their reserved lists, it's your responsibility to keep up with their allocation updates.

The problem is not the allocator's fault...at least, not directly. The problem is that lots of folks put in filters based on the bogon list at the time of their firewall/soho router install, and promptly forget about the fact that those filters should change (or, more likely, the consultant left).

There's nothing that ARIN, IANA or anyone else can do to enforce clue at the edge of a network. Hence the problem. If you're not prepared to keep up with groups like NANOG, don't filter unallocated space.

Re:Not surprising (1)

silas_moeckel (234313) | more than 11 years ago | (#5733084)

This is why it makes more sence for a dynamic and secure Bogons route feed. To bad I haven't seen one yet.

Re:Not surprising (1)

wayland (165119) | more than 11 years ago | (#5733098)

...however, I'm not in North America (I'm in Australia). Is there some other group I should be keeping up with, or is NANOG still it?

Re:Not surprising (1)

kyletinsley (575229) | more than 11 years ago | (#5733311)

ARIN did notify the public. ARIN, RIPE, APNIC, etc are often announcing allocations to groups like NANOG. I don't see how much louder they could be. If you're filtering based on their reserved lists, it's your responsibility to keep up with their allocation updates.

They used to have a link on the home page of their web site clearly showing new blocks that were previously unassigned that were now in use. It was quite useful, I checked it often. Then at some point, they decided that was too useful or something, and redesigned their site, removing that update page.

They may have since put that feature back on their site, but for a long time (months at least) that information was no longer available in that form. You had to manually check each address range in their WHOIS. (I checked over their extensively for it, googling it and even wget'ing their whole site and grep'ing for changes I knew were listed before.)

So they may have put such an (easy to check) update page back on their site, but the end result of their 'redesign' is that I stopped checking it a long time ago. And apparently, so have many other people.

We get complaints every once in a great while from cablemodem users who can't access one of the public servers, and then we'll find out what address they're coming from and see if it's currently filtered, and then remove those restrictions on all servers/firewalls. Has happened twice in the last 2 years I believe.

exactly (4, Interesting)

ArchieBunker (132337) | more than 11 years ago | (#5732948)

Theres a ton of companies sitting on class A blocks and doing nothing with them. Anything from 4.0.0.0 and up is hardly used. Redistribute these as a temporary solution until IPv6 is mainstream.

Re:Not surprising (5, Funny)

jmt9581 (554192) | more than 11 years ago | (#5733111)

Curse slashdot for making me wonder "I Am Not A What?" as I skimmed over this comment . . .

While IANAL (linguist, not lawyer :) the namespace for acronyms is really becoming overcrowded. :)

I'm a hot stud baby (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732867)

Leave it geeks to have a problem with 69ing.

Do we have to teach you nerds EVERYTHING??

Re:I'm a hot stud baby (0, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733121)

Hey, I'm down with the karma-sutra and position 69 It's just my upstream provider that doesn't want to let me touch those lucious 69/8's.
kinda like those conservative priests that tell you to do it missionary style -- as if missionaries were brothels or somthing, and have thier own style for sex.

Could someone explain this (1, Insightful)

Billly Gates (198444) | more than 11 years ago | (#5732873)

Why were they filtered out in the first place? It doesn't make sense and I believe the press was talking about running out of IP addresses on the internet back in the late 1990's. If anything more addresses are now available as .coms fade away.

Re:Could someone explain this (4, Informative)

jaredmauch (633928) | more than 11 years ago | (#5732934)

We have a few things that happened here I believe. Denial of service attacks lead the reason people would filter out 'unallocated' space. A bunch of people just used rand() to generate fake source IPs to DoS from. Dropping from unallocated or unrouted space has become commonplace as it can prevent that extra little bit of packets from reaching your firewall/router/end host. It can make the difference for some people being able to survive an attack and not. The "dot com" bubble that burst created a lot of devices that used to be cared about deeply and now are ignored by the suits as the network is too stable and runs itself. This is both good and bad. As the network becomes more reliable more people start using VoIP and other technologies that reduce costs. Problem is this ends up causing jobs to be lost. (VoIP aside, if you take 250mil phone calls all going on at the same time, using 64k per call, you've got ~16Gb/s of traffic. Most of the international backbones can easily handle this traffic. What does this mean for the existing PSTN networks once the IP networks are more reliable.) People are just busy. I know that I sometimes lag in updating software on my systems unless it's necessary. Imagine the people who think "hey, i need to update these filters" but never get around to it.

Re:Could someone explain this (4, Insightful)

Pharmboy (216950) | more than 11 years ago | (#5733020)

Your raise a really good point. Also consider most major companies have cut IT staff to reduce costs, and most IT professionals have tolorated it because there are less jobs, meaning fewer people doing more work (and more burnout). I can easily see the lists not getting updated because "if it aint broke, dont fix it" mentality. Many ITs simply have plenty of other stuff to do, and if their company isn't hitting anything on 69/8 or vise versa, then it wont get fixed.

Good upkeep? Maybe not. Best some can do under the circumstances? Probably. I have enough hell just keeping up with the relatively small amount of shit I have to keep up with, so I can sympathise.

Re:Could someone explain this (3, Informative)

afidel (530433) | more than 11 years ago | (#5733360)

They were filtered because prior to being allocated the only uses for them were nefarious in nature (basically spoofing). If everyone did proper egrees filtering this wouldn't be necessary.

Re:Could someone explain this (4, Informative)

lucifuge31337 (529072) | more than 11 years ago | (#5733432)

No, that's not insightful. -1, Stupid Moderators.

There are several reasons why blocks are reserved by ARIN. Some of them are reserved because they fall on classful routing boundaries, some were reserved based on wanting to keep contiguous space free for various purposes including but not limited to RIPE and APNIC allocations, allowing flexibinity for large network to renumber out of non-contiguius space, etc.

Don't think I'm sticking up for ARIN. Their policies are poor, mostly undocumentated in their actual application, and their customer service sucks.

This is a marketing issue (4, Insightful)

southpolesammy (150094) | more than 11 years ago | (#5732889)

While the 69/8 netblock has been long known to be reserved, and has been subsequently been "used" by script kiddies and the like for DoS attacks, then if ARIN has decided to open that netblock for sale, then it is up to them to notify and market the netblock as no longer being reserved. Pretty simple actually. This is a case where a non-technical solution is ideal to address what has been a technical problem.

If ARIN isn't doing that, then shame on them. If they are doing that, and we're just ignorant of it, them shame on us.

Re:This is a marketing issue (3, Funny)

JoeBuck (7947) | more than 11 years ago | (#5732962)

And the answer is:

Shame on us.

Love those dusty old filters... (5, Insightful)

PZona (628953) | more than 11 years ago | (#5732895)

I sometimes wonder, given all the tech layoffs in the last two years, if half the 'net was left running on autopilot. Keeping the filters up to date with current practices would be a lot more likely if there was an adequate number of admins left to man the guns.

Re:Love those dusty old filters... (1)

robfoo (579920) | more than 11 years ago | (#5733247)

That's precisely what I was thinking. The small web company I used to work for (I was one of several laid off to stop the company going under) has a webserver/nameserver/mailserver that's been running pretty much sysadmin-less for the last 6 months or so.
I'd obviously set it up too well.. :)

And no, I won't be vindictive and post the server URL in the hopes of a slashdotting :p

PayPal is the authorized payment processor (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732897)

PayPal is the authorized payment processor for SlashDOT.org agglutinin forewarn liberate crushing spitting thanklessness sublanguages forfeit stenographers arithmetics obtainably protein junctions pleads belch humbling attract metro bitter where stagnant lighter heedlessly sourest scantiest enough directing achieved amyl extract chime unreasonable basketball inconsistency rescuers sincerity wasted efforts meteoric permeable combing besmirch spacings

Help desk call (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5732931)

A: 10 minutes into this call, what is the problem? IS there a problem??? 8^P
B: the problem is obviously w/you. I mean, that's obvious. i could explain it to you, but it's too obvious.
A: oh, of course, I should have seen that.
B: Exactly.
A: no prob, I'll transfer the call over to you, hang on...
B: Coward!
A: no, realistic.
B: Take away your bowling shoes, and what kinda helpdesk guy are you?
A: 11 minutes and counting, I have NO idea what the problem is????
B: Try thinking of it as a "bowling" problem. He's having problems "bowling" at a particular "lane". Why is that?
A: oh thats easy, he has no ball!
B: Good! And the "ball" in this case is...C'mon, it's easy
B: An "internet connection"
B: I've done a remote reverse caller-ID on the UDP checksums, and you're not talking to one of our customers
A: hes on adsl, i "think" he might be having trouble getting to a web site, but not too sure about that...
B: No no no, you're not listening. Integreal MD5sum shows that he's not connected to the Internet
A: i knew it, hes an aol customer being foisted on me!
B: I shouldn't have to tell you how to do a backward ICMP telnet to his firewall
A: well, reimplement his tcp/ip checksum protocol damnit Scotty!
B: You know, hanging up on the customer *is* cheating.
A: ha ha ha, i hadn't thought of that.. hmm.....
B: I had this problem once before. Ask him if he's running apache.
B: Just trust me on this
B: And tell him to flush his caching queue if he is
A: ok, hang on.
A: turns out he's using a palm pilot!
B: Tell him from me it's absolutely *essential* he use a bit-free serial cable for surfing.
B: If he has any bits left in the serial cable, they'll end up XORing incoming bits, which of course results in firewall problems.
B: Give it a good shake into a bit bucket, should be good
A: 18 minutes, *NOW* he mentions his computer started up in safe mode??????
A: what the hell is going on, if i didn't know better, i'd think this was joke call????
B: Has he lowered his cone of silence? If he has, tell him to try raising it.
B: That also causes firewall problems.
B: In fact, I'm detecting big firewall problems at this end.
B: Has he crossed the streams? I had that happen to a customer once
B: Big mess
B: Had to totally take down the proton packs
B: Nothing like an unlicensed proton accellerator to wreak havoc w/your firewall
A: customer's name is Beelzebub, does that mean anything??
B: Check billing, I think he's a Chicago customer
B: Have you told him to shut down his Internet?
B: Ask him if his O'Reilly Safari sub. has come due
B: Or if he's maybe shut down his memory
B: Did you try reformatting his CPU?
A: his memory? don't get me started!
B: Memory issues? That's MAJOR firewall problems right thjere
A: not yet, I was starting with the power supply.
B: Oh man, I had a firewall once that jumped up and bit the customer
B: Right between the eyes
B: Took me an hour to calm her down
A: this guy has no memory. oh, you meant the computer!
B: BAM
B: just like that
B: Tell him to try shutting down his website
B: I heard "error message"
B: Was it about the firewall?
B: I bet it was
B: There it is again! "Error message"!
B: Totall the firewall
B: Start like this: "Sir, I have analyzed your firewall"
B: "and it is currently set to filter outgoing ICMP checksums"
B: "This is obviously in contradiction of many, many RFCs"
B: "and if we're going to avoid a fine, you're going to need to reformat your firewall."
B: Nice calm voice, it'll work
B: 0bviously a firewall problem
B: Titlebar?
B: He needs to make sure his titlebar is compatible w/his firewall
A: this is a surreal experience, did somebody slip something into my coffee???
B: Sigh. Look at his firewall.
B: You still haven't verified its compatibility with his memory

Unreserved some time ago (2, Funny)

Anonymous Coward | more than 11 years ago | (#5732941)

Is it just me or was this block removed from the reserved list by IANA and assigned to ARIN roughly midway through 2002? Man, the lag is getting worse around here all the time..........

Re:Unreserved some time ago (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733003)

Oh wait!!!! Considering how long ago this actually happened and no one has modded this FACT up, I should have probably tossed in a gratuitous *hot grits down my pants* comment to reflect the times that this actually happened. My bad.

Re:Unreserved some time ago (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733069)

Maybe this needs a Jennifer Love Hewitt reference to get noticed. Oh wait, how circa 2001. So hard to please a slashdot mod these days. I guess you can't have a legit comment noticed anymore unless you're ""registered". In the infinte wisdom of "the powers that be" this will be the one comment that gets modded upbeing that it has turned into a bloddy rant. NOC operators rejoice, there are chromosome deficient mongoloids who know not how to operate their NOCs and unblock le
git netblocks. "Yes, Internet bad... I just want 127.0.01 permitted. I can just send that right?"

*BSD is dying (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5732957)

It is official; Netcraft now confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin [amazingkreskin.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

Trolls are not creative (0, Troll)

Anonymous Coward | more than 11 years ago | (#5733038)

It is official; Rational thinkers confirm: "*BSD is dying" troll is retarded

One more crippling bombshell hit the already beleaguered Slashdot troll community when everybody confirmed that the troll community has dropped off the map yet again, now down to less than a fraction of 1 percent of their original creativity. Coming on the heels of a recent realization which plainly showed that trolls are retards, this news serves to reinforce what we've known all along. Trolls are not creative, educated, and is exemplified by repeated trolling attempts using the same old troll. You don't need to be a Psychologist to predict that the majority of trolls on the Slashdot website have no future. The crayon writing is on the wall: trolls face a bleak future. In fact there won't be any future at all for trolls unless they learn to be more creative. Things are looking very bad for trolls. As many of us are already aware, trolls continue to lose appeal.

The "*BSD is dying" trollers are the most endangered of them all, having lost 93% of its original amusement and creativity. The gradual and unpleasant repetition over a long time only serves to underscore the point more clearly. There can no longer be any doubt: trolls are retards.

Let's keep to the facts and look at the numbers.

All the good trolls have ditched Slashdot. Such figures as Signal_11 have gone away to leave the retard trolls behind. How many creative trolls are there? Let's see. The number of creative trolls is roughly nil. Therefore there are far more retards than creative trolls.

Due to the suckiness of trolls, abysmal creativity skills and so on, good trolls have left Slashdot and went to Kuro5hin [kuro5hin.org] .

Fact: Trolls are retards.

69 Filters (-1, Redundant)

T-Ranger (10520) | more than 11 years ago | (#5733004)

I would imagine that most readers of Slashdot would have problem in real life getting past filters that block access to 69.

I've got a better solution... (4, Funny)

Dimensio (311070) | more than 11 years ago | (#5733016)

Find the Internet's most notorious spam-supporting ISPs, like Qwest and Verio and anything in China or Brazil. Revoke all of their allocated IP space and give it to ISPs requesting new IP allocations, then redistribute the 69/8 IP addresses to Verio, Qwest, etc. That way no one will need to update their filters.

How much?!! (0, Offtopic)

_ph1ux_ (216706) | more than 11 years ago | (#5733060)

For 69.69.69.0/24????

Thats the C I want!

Re:How much?!! (4, Funny)

bigberk (547360) | more than 11 years ago | (#5733167)

Silly ph1ux, you can't use CIDR and class together. The purpose of CIDR is to provide more network granularity than the octet-centric 'class' based approach - see this little guide on subnetting and CIDR Blocks [arizona.edu] .

69/8? Screw 'em! (5, Interesting)

Anonymous Struct (660658) | more than 11 years ago | (#5733072)

When I started working for the company I'm working for, whose name shall remain unpublished, there was a bit of funny going on with the ip addressing schemes of our various offices. Instead of fooling around with that silly private address space nonsense, they just went allocating /8 blocks devil-may-care, one for each office, and I'll just say there were more than ten of them. Oddest bit was, nobody really seemed to notice all that much, except for the few odd folks who'd try to visit their alma mater's website and met with frustration every time. 128/8 and 129/8 were mysteriously always unavailable.

So 69/8 is blacked out? Ah, big deal. At least the dba can get to Oracle's website now. 192/8 was an office with about 60 people, if you can believe that. Strange folks out there setting up networks. Shield your young.

Re:69/8? Screw 'em! (1)

WolfWithoutAClause (162946) | more than 11 years ago | (#5733144)

I just hope they've done this more than 20 times, and the network mafia go around and remove an appendage for each time they'd set up someone with a bogus IP address like that.

Still, I suppose if it is being NAT'd properly, it maybe ok, I guess [pained look].

Yeah, I had this a while ago with 65/8 (2, Informative)

felicity (870) | more than 11 years ago | (#5733141)

Last year I had to rush over to a client to look at why they couldn't send email with their lawyers and, ironically, the firm I worked for (which was an on-going issue).

Turns out that a previous admin blocked all the "reserved" nets, including the 65/8 net which the lawyers and my firm were in.

Blocking these seems like a good idea, but it tends to get neglected and only causes problems in practice.

Coincidence? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733142)

The 69/8 Networking Problem
[ The Internet ] Posted by timothy on Monday April 14, @09:26PM
from the modular-arithmetic dept.
jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."

( Read More... | 69 comments )

Nobody's Perfect - Not Even Slashdot (1)

slack1661 (242919) | more than 11 years ago | (#5733212)

Apparently the 69.0.0.0/8 is enough of an issue that folks on that address space can't even read this article [atlantic.net] on slashdot.org.

Re:Nobody's Perfect - Not Even Slashdot (0)

Anonymous Coward | more than 11 years ago | (#5733235)

Can you clarify that. Atlantic.Net hasn't assigned any 69/8 addresses to customers yet and those addresses are certainly reachable from Atlantic.Net.

Re:Nobody's Perfect - Not Even Slashdot (1)

slack1661 (242919) | more than 11 years ago | (#5733257)

Click the link - read what it says - it's fairly self-explanatory.

The only question is whether the CGI script is functioning properly. Assuming that it is - slashdot.org CAN NOT be reached from the IP 69.28.64.14.

Re:Nobody's Perfect - Not Even Slashdot (0)

Anonymous Coward | more than 11 years ago | (#5733238)

Apparently the 69.0.0.0/8 is enough of an issue that folks on that address space can't even read this article [atlantic.net] on slashdot.org.

Try tracerouting to slashdot.org yourself.

Go on, try it.

OK then.

Re:Nobody's Perfect - Not Even Slashdot (0)

Anonymous Coward | more than 11 years ago | (#5733303)

Lots of networks block the high-port UDP packets normally used by traceroute. It's a common "security measure" to disallow everything other than the few ports/protocols you actually want to provide access to. In this case, nobody can traceroute to slashdot.org...at least not unless you're in the ACL of allowed hosts (if there is one).

Re:Nobody's Perfect - Not Even Slashdot (1)

slack1661 (242919) | more than 11 years ago | (#5733335)

Hmmm... I stand corrected it seems. Better get out the old dunce cap.

Re:Nobody's Perfect - Not Even Slashdot (1)

Bishop (4500) | more than 11 years ago | (#5733368)


--
Thanks,

Shawn M. Thomas
Information Technology Specialist


Oh you are "special" alright. You can't even read the results from traceroute.

80th p05t (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5733232)

tr0llz-r-k3wl!!! Fukk-0ff-n-d13.

Hmm....Im on that net... (1)

Tmack (593755) | more than 11 years ago | (#5733263)

While I do have the occasional site that wont respond, I havent noticed more than did the same with my other provider (not on the 69/8). Guess it deserves me lookin into a bit further..

Tm

And as always.... (1)

MortisUmbra (569191) | more than 11 years ago | (#5733279)

The problem isnt man reach exceeding his grasp, it's the fact that he doesn't really look at what he is grabbing.

Third world 'net (1)

inertia@yahoo.com (156602) | more than 11 years ago | (#5733291)

ARIN, the organization responsible for the assignment of this address space, has stated that it is not required to ensure end-to-end visibility of said address space. This leaves the members with the tremendous tasks of locating, contacting, and educating every single network on the internet that is filtering this previously reserved space and requesting their operators update their filters.

While they're at it, it'd be nice to educate every single network on the internet about security and such. Or, maybe we need a new policy of "turning off" networks that don't conform to the rest of the internet's policies.

It's a huge undertaking. I don't envy them.

The $69.0.0.0 question is... (1)

goldfndr (97724) | more than 11 years ago | (#5733292)

Why are you still referring to pieces of 8 ("/8")? Quarters are good enough, and they're so unique these days!

ISPs and weird filtering (2, Interesting)

phorm (591458) | more than 11 years ago | (#5733344)

Have you ever had a IP address that you just couldn't get to, though you were positive that it was up and online?

So... you go over to a friend's (or for those who can , SSH to an alternate machine) and the IP is accessible. You know the site is available, so you spend a lot of time in the firewall settings, even opening the firewall entirely... but still no luck.

I had this problem with my ISP, and finally traced it to that 66.xx.xx.xx IP addresses were unreachable (including redhat.com, very annoying), but only when I was on a certain bank of dynamically assigned IP's. Releasing my IP and leaving the PC off overnight used to solve the problem.

For awhile, it was occuring after I got a dedicated IP as well. When I called my ISP on this, they told me to reboot my modem, let it sit off for about 15, and then restart. Try explaining to low-tier tech support about how downtime is bad when you run a server.

Luckily, all is fixed now, since I've moved to another city (same ISP, but no problems), but I wonder if this problem is related to base ISP-side filtering, or if anyone else has experienced it. At one time, I had a box with a non 66.xx.xx.xx IP and a box with a 66.xx.xx.xx IP and they couldn't even talk to each other properly, though both could get online without a problem!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>