I'm Being Attacked by PRISONER.IANA.ORG!
RFC 6305, “I'm Being Attacked by PRISONER.IANA.ORG!”, is an Informational document published in July 2011 by J. Abley and W. Maton. The canonical text is published by the RFC Editor.
Abstract
Many sites connected to the Internet make use of IPv4 addresses that are not globally unique. Examples are the addresses designated in RFC 1918 for private use within individual sites.
Hosts should never normally send DNS reverse-mapping queries for those addresses on the public Internet. However, such queries are frequently observed. Authoritative servers are deployed to provide authoritative answers to such queries as part of a loosely coordinated effort known as the AS112 project.
Since queries sent to AS112 servers are usually not intentional, the replies received back from those servers are typically unexpected. Unexpected inbound traffic can trigger alarms on intrusion detection systems and firewalls, and operators of such systems often mistakenly believe that they are being attacked.
This document provides background information and technical advice to those firewall operators. This document is not an Internet Standards Track specification; it is published for informational purposes.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 6305 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 6304 AS112 Nameserver Operations
- RFC 6306 Hierarchical IPv4 Framework
- RFC 6303 Locally Served DNS Zones
- RFC 6302 Logging Recommendations for Internet-Facing Servers
- RFC 6308 Overview of the Internet Multicast Addressing Architecture
- RFC 6301 A Survey of Mobility Support in the Internet
- RFC 6309 IANA Rules for MIKEY
- RFC 6310 Pseudowire Operations, Administration, and Maintenance Message Mapping