On Sun, 15 Jan 2012, Ted Fischer wrote:
Thanks for the replies so far, but not what I was looking for.
I should have specified that I've done several ns & dig lookups just to
make sure.
We were supposed to have lit up the last of IPv4 last year. I would have
presumed that meant that there was nothing left. Since I can't find a
reference to 172/12 anywhere, one might be led to presume that it was
allocated somehow, to someone (perhaps inadvertently not recorded) since
there are - supposedly - no fresh IPv4 addresses left to allocate, and the
only reference to this block is that 172/8 is allocated to ARIN. It
doesn't even appear in RFC 5735.
While IANA allocated the last of the free IPv4 address pool to the 5
recognized RIRs on 3 Feb 2011, that doesn't mean that all of those IPv4
addresses were immediately assigned to providers or end-users. The RIRs
will exhaust their supplies of assignable IPv4 address space at different
times, depend on their 'end game' assignment strategies and their overall
consumption rate. APNIC exhausted most of their available address
space by last April.
172/8 was a legacy block, from which 172.16/12 was allocated for RFC
1918. Looking at http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
shows many of the legacy allocations being administered by ARIN, but also
a few being administered by RIPE and APNIC. There is a difference between
an RIR being tasked with administering a chunk of legacy space and being
officially allocated a chunk of space by IANA. In the case of 172/8, it
was allocated in the InterNIC days, so users could be scattered all over
the world, but ARIN handles in-addr.arpa delegation for it. Since ARIN
was not (as far as I know) formally tasked with allocating remaining space
from 172/8, that space it will not be assigned to SPs or users by ARIN.
My question is about 172/12. Where is it, what is it's supposed purpose.
I'm almost sure it's an internal box. I just find it better to give a
professional answer to "why can't I use this" than just "you can't use
this and why is this address scanning you for udp/137 anyway".
As others have pointed out, if 172.0.0.0/12 or some subset of it doesn't
exist in the global routing table, then the packets you saw are either
coming from outside of your network - spoofed - or coming from somewhere
inside your network.
If someone can point out to me what was done with 172/12 I'd appreciate it.
I'm not aware of anything more detailed that what I've noted above or what
other posted have contributed to this thread.
jms
