Bug 12712

Summary: list-bogons command list networks which are not bogons
Product: Location Database Reporter: Peter Müller <peter.mueller>
Component: liblocAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact: Peter Müller <peter.mueller>
Severity: Minor Usability    
Priority: - Unknown -    
Version: unspecified   
Hardware: all   
OS: All   

Description Peter Müller 2021-10-23 15:49:59 UTC 
root@location02:~/temp-libloc-bogons# location --database /tmp/tmp.5XvU0xUFLR list-bogons > bogons
root@location02:~/temp-libloc-bogons# cat bogons | head -n 5
1.0.134.0/23
1.0.142.0/23
1.0.176.0/20
1.0.222.0/23
1.1.176.0/20
root@location02:~/temp-libloc-bogons# location --database /tmp/tmp.5XvU0xUFLR lookup 1.0.176.0
1.0.176.0:
  Network                 : 1.0.176.0/24
  Country                 : Thailand
  Autonomous System       : AS23969 - TOT Public Company Limited

Tested with libloc on location02 (git revision f55a43e85103003ef85cb13c20755caf8867cc5d). https://lists.ipfire.org/pipermail/location/2021-October/000475.html suggests "list-bogons" returns faulty output as well.
Comment 1 Michael Tremer 2021-10-25 18:08:06 UTC 
This is not a feature that is ready for production.

Could you find me a small example where this happens so that I don't have to investigate this on a database with real data?
Comment 2 Peter Müller 2022-03-02 20:15:31 UTC 
107.90.0.0/17 would be an example I just stumbled across: It is actually announced by and allocated to AT&T:

$ location lookup 107.90.46.0
107.90.46.0:
  Network                 : 107.90.0.0/17
  Country                 : United States of America
  Autonomous System       : AS20057 - ATT-MOBILITY-LLC-AS20057

$ whois 107.90.0.0

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


NetRange:       107.64.0.0 - 107.127.255.255
CIDR:           107.64.0.0/10
NetName:        ATT-MOBILITY-LLC
NetHandle:      NET-107-64-0-0-1
Parent:         NET107 (NET-107-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   AT&T Mobility LLC (ATTMO-3)
RegDate:        2011-02-04
Updated:        2012-03-20
Ref:            https://rdap.arin.net/registry/ip/107.64.0.0



OrgName:        AT&T Mobility LLC
OrgId:          ATTMO-3
Address:        7277 164th Ave NE
Address:        ATTN:  IP Management
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        2008-10-10
Updated:        2021-06-26
Comment:        For policy abuse issues contact:     abuse@att.net
Comment:        
Comment:        Send all subpoena, Internet, Court order related matters to:
Comment:        
Comment:        ATT National Compliance Center
Comment:        11760 US Hwy 1, Suite 600
Comment:        North Palm Beach, FL  33408
Comment:        Phone Number: 1-800-635-6840
Comment:        Fax Number:  1-888-938-4715
Comment:        Email:  compcent@att.com
Ref:            https://rdap.arin.net/registry/entity/ATTMO-3


OrgTechHandle: IPADM2-ARIN
OrgTechName:   IPAdmin ATT Internet Services
OrgTechPhone:  +1-888-510-5545 
OrgTechEmail:  ipadmin@att.com
OrgTechRef:    https://rdap.arin.net/registry/entity/IPADM2-ARIN

OrgAbuseHandle: ATTAB1-ARIN
OrgAbuseName:   ATT Abuse
OrgAbusePhone:  +1-919-319-8130 
OrgAbuseEmail:  abuse@att.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ATTAB1-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#

Therefore, this network should not be listed as bogon.
Comment 3 Michael Tremer 2022-03-07 20:37:57 UTC 
I pushed a lot of fixes today which rewrite the whole summarising algorithm which is now a lot faster and performs less trial and error.

The bogons search algorithm was rewritten too, because comparing network isn't the correct way to go. Instead, we are now looking for gaps and searching the entire address space. This will also include special addresses (see below).

Bogons are now being treated as gaps between networks without a country code (because just being announced isn't enough to not be a bogon).

Unfortunately there are large blocks X.0.0.0/8 which might be something we want to filter from the database, because they might cover too much.

Do we want to filter for ::1/128, multicast and RFC1918 space, etc? Right now, these are all listed, too.

Do we generally want to make these available for logging in the firewall in IPFire 2?
Comment 4 Michael Tremer 2024-02-21 17:13:45 UTC 
I believe this is generally fixed.