I'm Being Attacked by PRISONER.IANA.ORG!
RFC 6305
Document | Type | RFC - Informational (July 2011; No errata) | |
---|---|---|---|
Authors | William Maton , Joe Abley | ||
Last updated | 2018-12-20 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | WG Document | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6305 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Ron Bonica | ||
IESG note | Peter Koch (pk@DENIC.DE) is the document shepherd. | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) J. Abley Request for Comments: 6305 ICANN Category: Informational W. Maton ISSN: 2070-1721 NRC-CNRC July 2011 I'm Being Attacked by PRISONER.IANA.ORG! Abstract Many sites connected to the Internet make use of IPv4 addresses that are not globally unique. Examples are the addresses designated in RFC 1918 for private use within individual sites. Hosts should never normally send DNS reverse-mapping queries for those addresses on the public Internet. However, such queries are frequently observed. Authoritative servers are deployed to provide authoritative answers to such queries as part of a loosely coordinated effort known as the AS112 project. Since queries sent to AS112 servers are usually not intentional, the replies received back from those servers are typically unexpected. Unexpected inbound traffic can trigger alarms on intrusion detection systems and firewalls, and operators of such systems often mistakenly believe that they are being attacked. This document provides background information and technical advice to those firewall operators. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6305. Abley & Maton Informational [Page 1] RFC 6305 I'm Being Attacked by PRISONER.IANA.ORG! July 2011 Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction and Target Audience . . . . . . . . . . . . . . . 3 2. Private-Use Addresses . . . . . . . . . . . . . . . . . . . . . 3 3. DNS Reverse Mapping . . . . . . . . . . . . . . . . . . . . . . 3 4. DNS Reverse Mapping for Private-Use Addresses . . . . . . . . . 4 5. AS112 Nameservers . . . . . . . . . . . . . . . . . . . . . . . 4 6. Inbound Traffic from AS112 Servers . . . . . . . . . . . . . . 5 7. Corrective Measures . . . . . . . . . . . . . . . . . . . . . . 5 8. AS112 Contact Information . . . . . . . . . . . . . . . . . . . 6 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 10. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 12.1. Normative References . . . . . . . . . . . . . . . . . . . 7 12.2. Informative References . . . . . . . . . . . . . . . . . . 7 Abley & Maton Informational [Page 2] RFC 6305 I'm Being Attacked by PRISONER.IANA.ORG! July 2011 1. Introduction and Target Audience Readers of this document may well have experienced an alarm from a firewall or an intrusion-detection system, triggered by unexpected inbound traffic from the Internet. The traffic probably appeared to originate from one of several hosts discussed further below. The published contacts for those hosts may well have suggested that you consult this document. If you are following up on such an event, you are encouraged to follow your normal security procedures and take whatever action you consider to be appropriate. This document contains information that may assist you. 2. Private-Use Addresses Many sites connected to the Internet make use of address blocks designated in [RFC1918] for private use. One example of such addresses is 10.1.30.20. Because these ranges of addresses are used by many sites all over theShow full document text