T
Terry L. Ridder
hello;
background:
using the daily statistic files from the four regional internet
registries (rir), apnic, arin, lacnic, and ripe, i create a 'holes' data
set. 'holes' are network address blocks that are not reserved by iana
nor allocated or assigned by any of the four rirs. the current 'holes'
file contains 149190 entries in cidr notation.
a third party file contains ip addresses which in theory should be
blocked are various reasons. this flat ascii file has 16420 entries in
cidr notation. a review of the third party file shows ip addresses
listed which are really 'holes', i.e. they are neither reserved,
allocated, nor assigned by iana, apnic, arin, lacnic, or ripe.
however, that does not rule out that someone may actually be attempting
to use them.
the 'holes' data and the third party data need to be compared.
there are several possibilities:
for each 'holes' entry:
$holes_lo == begin ip address of network address block.
$holes_hi == end ip address of network address block.
for each 'third party' entry:
$block_lo == begin ip address of network address block.
$block_hi == end ip address of network address block.
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi < $block_hi
partial overlap;
flag block entry;
$holes_lo > $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
partial overlap;
flag block entry;
$holes_lo > $block_lo &&
$holes_lo > $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
no overlap;
ok;
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi < $block_lo &&
$holes_hi < $block_hi
no overlap;
ok;
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
total overlap;
flag block entry;
the flagged block entries will be check against the bgp routing tables
by querying the router for announced routes just to make sure someone
is not attempting to use it.
using foreach loops would be braindead given the number of entries.
149190 x 16420. ( which change daily. )
please note:
all ip addresses are stored as numbers and *not* as dotted quads.
the reason for doing this is to provide feedback to the third party
concerning their listings and to request clarification as to why they
are listing network address blocks which are neither reserved,
allocated, assigned, nor routed.
i would be the first to agree that the third party should be checking
their listings, but for whatever reason they are not. i have pointed
out several 'errors' to the third party but it falls of deaf ears or
blind eyes depending on your perspective.
background:
using the daily statistic files from the four regional internet
registries (rir), apnic, arin, lacnic, and ripe, i create a 'holes' data
set. 'holes' are network address blocks that are not reserved by iana
nor allocated or assigned by any of the four rirs. the current 'holes'
file contains 149190 entries in cidr notation.
a third party file contains ip addresses which in theory should be
blocked are various reasons. this flat ascii file has 16420 entries in
cidr notation. a review of the third party file shows ip addresses
listed which are really 'holes', i.e. they are neither reserved,
allocated, nor assigned by iana, apnic, arin, lacnic, or ripe.
however, that does not rule out that someone may actually be attempting
to use them.
the 'holes' data and the third party data need to be compared.
there are several possibilities:
for each 'holes' entry:
$holes_lo == begin ip address of network address block.
$holes_hi == end ip address of network address block.
for each 'third party' entry:
$block_lo == begin ip address of network address block.
$block_hi == end ip address of network address block.
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi < $block_hi
partial overlap;
flag block entry;
$holes_lo > $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
partial overlap;
flag block entry;
$holes_lo > $block_lo &&
$holes_lo > $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
no overlap;
ok;
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi < $block_lo &&
$holes_hi < $block_hi
no overlap;
ok;
$holes_lo < $block_lo &&
$holes_lo < $block_hi &&
$holes_hi > $block_lo &&
$holes_hi > $block_hi
total overlap;
flag block entry;
the flagged block entries will be check against the bgp routing tables
by querying the router for announced routes just to make sure someone
is not attempting to use it.
using foreach loops would be braindead given the number of entries.
149190 x 16420. ( which change daily. )
please note:
all ip addresses are stored as numbers and *not* as dotted quads.
the reason for doing this is to provide feedback to the third party
concerning their listings and to request clarification as to why they
are listing network address blocks which are neither reserved,
allocated, assigned, nor routed.
i would be the first to agree that the third party should be checking
their listings, but for whatever reason they are not. i have pointed
out several 'errors' to the third party but it falls of deaf ears or
blind eyes depending on your perspective.