Hi, I'm trying to get rid of the section called 'Advertised IANA Reserved Addresses' in the 'RIPE NCC Region Weekly Routing Report'. Since about some time I'm watching very interested how these networks are still 'annoucable'. I have implemented a ingress-BGP filter list that tell a syslogger to show all 'reserved-IP-space' announcements. Since the advent of the RIS, it is even better to have some kind of evidence which AS did announce when these networks. There is basically nothing wrong with making mistakes, but I'm starting to believe that some networks are being misused for spam or other annoyances. Please have a look to the last week's list: ---------------------------------- Network Origin AS Description 39.96.40.224/30 14408 iCAIR 65.56.64.0/21 2941 Community News Service 109.177.9.0/24 1785 Sprint ICM 219.91.160.0/22 7742 InternetNow, Inc. 219.91.164.0/23 7742 InternetNow, Inc. Funny enough that the RIS-database shows the following path for one of these networks: A 109.177.9.0/24 2000-06-13 13:24:25 212.20.151.253 13129 3549 6347 10664 A 109.177.9.0/24 2000-06-13 15:10:28 192.65.184.3 513 209 701 10664 A 109.177.9.0/24 2000-06-13 15:10:28 195.8.100.22 8259 5413 2828 701 10664 Always AS10664 as being the origin-AS. Wonder, why there is no such AS listed in ARIN's database as well?! There are small blocks, and I'm even missing some, which I'm seeing constantly in variations: Jun 15 19:23:57.558 MET_DST: %SEC-6-IPACCESSLOGNP: list 121 denied 0 1.1.1.0 -> 255.255.255.0, 2 packets Jun 15 19:28:57.740 MET_DST: %SEC-6-IPACCESSLOGNP: list 121 denied 0 1.1.1.0 -> 255.255.255.0, 2 packets If we want to try get some of this stuff out of the backbone and even decrease some (unnecessary) BGP-traffic, why not publish a 'ingress BGP-filterlist' that is endorsed by the RIPE-wg, RIPE or the community at large? What it basically does is: 1. Reject illegal prefixes (127/8, 0/0, RFC1918, etc.) 2. Log orginiators (if wanted) 3. Decrease SPAM-complaints 4. Prevent abuse It's low on CPU (it's no IP filter-list!), just a BGP-ingress filter. I have even added some prefix-length filter, but this is another topic, and depends on your upstream's policy. (I just can't stand /32s in the table!). Kurt -- noris network GmbH | Deutschherrnstr. 15-19 | 90429 Nuernberg Tel. (0911) 27738-0 | Fax. (0911) 27738-100 | kurt@noris.net %IDS-4-IP_IMPOSSIBLE_SIG: Sig:1102:Impossible IP Packet