# 1550, Thu 9 Feb 95 # # Rule specification file to tally traffic for Auckland, using four # groups of sites: UA-depts, Local, NZ and World # # Nevil Brownlee, Computer Centre, University of Auckland # SET 6 # RULES SourcePeerType & 255 = IP: Pushto, IP_pkt; Null & 0 = 0 : Ignore, 0; # Ignore other packet types # dest_local: v1 & 0 = SourcePeerAddress: AssignAct, Next; Null & 0 = 0: Gosub, Auckland_nets; Null & 0 = 0: Goto, c_pkt; # 1 Dept -> dept-local Null & 0 = 0: GotoAct, t_bad; # 2 UA, not in list of OK subnets -> UA-local Null & 0 = 0: Ignore, 0; # 3 Local -> Ignore local-local Null & 0 = 0: Retry, 0; # 4 Not UA or local -> Want local as source # dest_UA: SourcePeerAddress & 255.255.0.0 = 130.216.0.0: Ignore, 0; # Ignore UA-UA Null & 0 = 0 : Retry, 0; # Want Auckland as source # IP_pkt: DestPeerAddress & 255.255.0.0 = 130.216.0.0: Pushto, dest_UA; # Auckland Null & 0 = 0: GotoAct, Next; v1 & 0 = DestPeerAddress: AssignAct, Next; Null & 0 = 0: Gosub, Auckland_nets; Null & 0 = 0: Ignore, 0; # 1 dest UA department Null & 0 = 0: Ignore, 0; # 2 dest UA Null & 0 = 0: GotoAct, dest_local; # 3 dest Local # v1 & 0 = SourcePeerAddress: AssignAct, Next; # 4 dest NZ or world Null & 0 = 0: Gosub, Auckland_nets; Null & 0 = 0: GotoAct, src_dept; # 1 source Dept Null & 0 = 0: GotoAct, t_bad; # 2 source UA, not an OK subnet Null & 0 = 0: GotoAct, src_local; # 3 source Local Null & 0 = 0: GotoAct, t_bad; # 4 Not local, unexpected transit # src_dept: v1 & 0 = DestPeerAddress: AssignAct, Next; Null & 0 = 0: Gosub, Tuia_proximal; DestPeerAddress & 255.255.0 = 130.216.0 : Ignore, 0; # 1 Auckland DestPeerAddress & 255.255.0 = 132.181.0 : Pushto, c_pkt; # 2 Canterbury DestPeerAddress & 255.255.0 = 131.203.0 : Pushto, c_pkt; # 3 Gracefield DestPeerAddress & 255.255.0 = 141.158.0 : Pushto, c_pkt; # 4 Invermay DestPeerAddress & 255.255.0 = 161.65.0 : Pushto, c_pkt; # 5 Lincoln CRI DestPeerAddress & 255.255.0 = 130.123.0 : Pushto, c_pkt; # 6 Massey DestPeerAddress & 255.255.255 = 192.88.85 : Pushto, c_pkt; # 7 MoRST DestPeerAddress & 255.255.0 = 161.29.0 : Pushto, c_pkt; # 8 Mt Albert DestPeerAddress & 255.255.255 = 192.122.171: Pushto, c_pkt; # 9 Nat Lib DestPeerAddress & 255.255.255 = 192.84.253 : Pushto, c_pkt; # 10 Netway DestPeerAddress & 255.255.0 = 139.80.0 : Pushto, c_pkt; # 11 Otago DestPeerAddress & 255.255.0 = 160.4.0 : Pushto, c_pkt; # 12 Ruakura DestPeerAddress & 255.255.255 = 202.12.76 : Pushto, c_pkt; # 13 Taranaki DestPeerAddress & 255.255.0 = 130.195.0 : Pushto, c_pkt; # 14 VUW DestPeerAddress & 255.255.0 = 130.217.0 : Pushto, c_pkt; # 15 Waikato DestPeerAddress & 255.255.255 = 192.111.102: Pushto, c_pkt; # 16 Wallaceville DestPeerAddress & 255.255.0 = 140.200.0 : Pushto, c_pkt; # 17 Tuia DestPeerAddress & 255.0.0 = 253.0.0 : Pushto, c_pkt; # 18 Unconnected DestPeerAddress & 255.0.0 = 254.0.0 : Pushto, c_pkt; # 19 World Null & 0 = 0: Ignore, 0; # marks end of gosub returns # src_local: v1 & 0 = DestPeerAddress: AssignAct, Next; Null & 0 = 0: Gosub, Tuia_proximal; DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 1 Auckland DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 2 Canterbury DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 3 Gracefield DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 4 Invermay DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 5 Lincoln CRI DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 6 Massey DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 7 MoRST DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 8 Mt Albert DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 9 Nat Lib DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 10 Netway DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 11 Otago DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 12 Ruakura DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 13 Taranaki DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 14 VUW DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 15 Waikato DestPeerAddress & 255 = 252.0.0 : Pushto, c_pkt; # 16 Wallaceville DestPeerAddress & 255.255 = 140.200: Pushto, c_pkt; # 17 Tuia DestPeerAddress & 255 = 253.0.0 : Pushto, c_pkt; # 18 Unconnected DestPeerAddress & 255 = 254.0.0 : Pushto, c_pkt; # 19 World Null & 0 = 0: Ignore, 0; # marks end of gosub returns # c_pkt: SourceTransType & 255 = tcp: PushtoAct, tcp_udp; SourceTransType & 255 = udp: PushtoAct, tcp_udp; SourceTransType & 255 = icmp: PushtoAct, c_trans_only; SourceTransType & 255 = ospf: PushtoAct, c_trans_only; Null & 0 = 0: GotoAct, t_bad; # Unknown transport type # tcp_udp: s_news: SourceTransAddress & 255.255 = nntp: PushtoAct, c_trans_source; DestTransAddress & 255.255 = nntp: GotoAct, s_news; s_smtp: SourceTransAddress & 255.255 = smtp: PushtoAct, c_trans_source; DestTransAddress & 255.255 = smtp: GotoAct, s_smtp; s_domain: SourceTransAddress & 255.255 = domain: PushtoAct, c_trans_source; DestTransAddress & 255.255 = domain: GotoAct, s_domain; s_telnet: SourceTransAddress & 255.255 = telnet: PushtoAct, c_trans_source; DestTransAddress & 255.255 = telnet: GotoAct, s_telnet; s_ftp_ctrl: SourceTransAddress & 255.255 = ftp: PushtoAct, c_trans_source; DestTransAddress & 255.255 = ftp: GotoAct, s_ftp_ctrl; s_ftp_data: SourceTransAddress & 255.255 = ftpdata: PushtoAct, c_trans_source; DestTransAddress & 255.255 = ftpdata: GotoAct, s_ftp_data; # Null & 0 = 0: GotoAct, t_bad; # 'Unusual' port # t_bad: # End of packet testing SourceTransAddress & 255.255 = 0: PushPkttoAct, Next; DestTransAddress & 255.255 = 0: PushPkttoAct, Next; SourceTransType & 255 = 0: CountPkt, 0; c_trans_source: # SourceTransAddress already pushed SourceTransType & 255 = 0: CountPkt, 0; c_trans_only: SourceTransType & 255 = 0: CountPkt, 0; # # Auckland local nets # Auckland_nets: v1 & 255.255.255.0 = 130.216.1.0 : PushtoAct, A_dept; # Computer Centre v1 & 255.255.255.0 = 130.216.3.0 : PushtoAct, A_dept; # Auckland DMZ v1 & 255.255.255.0 = 130.216.5.0 : PushtoAct, A_dept; # Eng Science v1 & 255.255.255.0 = 130.216.7.0 : PushtoAct, A_dept; # Physics v1 & 255.255.255.0 = 130.216.11.0 : PushtoAct, A_dept; # Medical School v1 & 255.255.255.0 = 130.216.12.0 : PushtoAct, A_dept; # Pharmacology v1 & 255.255.255.0 = 130.216.14.0 : PushtoAct, A_dept; # Commerce v1 & 255.255.255.0 = 130.216.15.0 : PushtoAct, A_dept; # Mathematics v1 & 255.255.255.0 = 130.216.21.0 : PushtoAct, A_dept; # Chemistry v1 & 255.255.255.0 = 130.216.26.0 : PushtoAct, A_dept; # S.B.S. v1 & 255.255.255.0 = 130.216.33.0 : PushtoAct, A_dept; # Computer Science v1 & 255.255.255.0 = 130.216.34.0 : PushtoAct, A_dept; # Computer Science v1 & 255.255.255.0 = 130.216.73.0 : PushtoAct, A_dept; # Law # v1 & 255.255.255.0 = 192.156.165.0 : PushtoAct, A_local; # DECUSLINK v1 & 255.255.255.0 = 192.251.230.0 : PushtoAct, A_local; # CLEARFIELD v1 & 255.255.255.0 = 202.12.104.0 : PushtoAct, A_local; # DSE v1 & 255.255.255.0 = 202.12.105.0 : PushtoAct, A_local; # FPNET v1 & 255.255.255.0 = 202.14.100.0 : PushtoAct, A_local; # STATUS v1 & 255.255.255.0 = 202.14.102.0 : PushtoAct, A_local; # KCBBS v1 & 255.255.255.0 = 202.14.216.0 : PushtoAct, A_local; # MANUKAU v1 & 255.255.255.0 = 202.14.217.0 : PushtoAct, A_local; # MALEFICARUM v1 & 255.255.255.0 = 202.14.252.0 : PushtoAct, A_local; # NETBLK-CRAYCOM v1 & 255.255.255.0 = 202.14.253.0 : PushtoAct, A_local; # NETBLK-CRAYCOM v1 & 255.255.255.0 = 202.14.254.0 : PushtoAct, A_local; # NETBLK-CRAYCOM # v1 & 255.255.0.0 = 156.62.0.0 : PushtoAct, A_local; # ATINET v1 & 255.255.0.0 = 130.216.0.0 : Return, 2; # University of Auckland # Null & 0 = 0 : Return, 4; # Not dept or local # A_dept: Null & 0 = 0 : Return, 1; # UofA department # A_local: Null & 0 = 0 : Return, 3; # Auckland local # # NZ nets (checked by traceroute from Auckland), Tue 19 Oct 93 # # 132.160.0.0 PACCOM # 140.200.0.0 KAWAIHIKO # # Class B nets # Tuia_proximal: # Auckland B v1 & 255.255.0.0 = 130.216.0.0 : Return, 1; # AUCKLAND v1 & 255.255.0.0 = 156.62.0.0 : Return, 1; # ATINET # Canterbury B v1 & 255.255.0.0 = 132.181.0.0 : Return, 2; # CANTERBURY v1 & 255.255.0.0 = 138.75.0.0 : Return, 2; # LINCOLN-LAN-1 v1 & 255.255.0.0 = 153.111.0.0 : Return, 2; # CCCNET2 v1 & 255.255.0.0 = 165.84.0.0 : Return, 2; # CHCHPOLY-NET # Gracefield B v1 & 255.255.0.0 = 131.203.0.0 : Return, 3; # DSIR # Invermay B v1 & 255.255.0.0 = 147.158.0.0 : Return, 4; # INVERMAY-NET # Lincoln CRI B v1 & 255.255.0.0 = 161.65.0.0 : Return, 5; # CH-CRINET # Massey B v1 & 255.255.0.0 = 130.123.0.0 : Return, 6; # MASSEY v1 & 255.255.0.0 = 161.66.0.0 : Return, 6; # PN-CRINET v1 & 255.255.0.0 = 161.140.0.0 : Return, 6; # MASSEY-ALB # Mt Albert B v1 & 255.255.0.0 = 161.29.0.0 : Return, 8; # AK-CRINET # Otago B v1 & 255.255.0.0 = 139.80.0.0 : Return, 11; # OTAGO-LAN1 # Ruakura B v1 & 255.255.0.0 = 160.4.0.0 : Return, 12; # PRI-RUAKURA # VUW B v1 & 255.255.0.0 = 130.195.0.0 : Return, 14; # VUW v1 & 255.255.0.0 = 150.206.0.0 : Return, 14; # WGTNPOLY v1 & 255.255.0.0 = 151.135.0.0 : Return, 14; # WORKSNET v1 & 255.255.0.0 = 156.59.0.0 : Return, 14; # CIT # Waikato B v1 & 255.255.0.0 = 130.217.0.0 : Return, 15; # WAIKATO-LAN-1 v1 & 255.255.0.0 = 138.211.0.0 : Return, 15; # WAIARIKI v1 & 255.255.0.0 = 163.7.0.0 : Return, 15; # FRI # Unconnected B v1 & 255.255.0.0 = 134.251.0.0 : Return, 18; # GCS v1 & 255.255.0.0 = 138.71.0.0 : Return, 18; # MAF v1 & 255.255.0.0 = 138.235.0.0 : Return, 18; # IRD v1 & 255.255.0.0 = 143.96.0.0 : Return, 18; # LINC v1 & 255.255.0.0 = 144.66.0.0 : Return, 18; # DOSLI v1 & 255.255.0.0 = 146.171.0.0 : Return, 18; # TELECOMNZ v1 & 255.255.0.0 = 152.153.0.0 : Return, 18; # NZSTEEL v1 & 255.255.0.0 = 155.32.0.0 : Return, 18; # CCCNET v1 & 255.255.0.0 = 155.59.0.0 : Return, 18; # NZDAIRY v1 & 255.255.0.0 = 156.13.0.0 : Return, 18; # NBNZUTN v1 & 255.255.0.0 = 156.149.0.0 : Return, 18; # SONZ-SHEL-NZ # v1 & 255.255.0.0 = 140.200.0.0 : Return, 17; # KAWAIHIKO # # Class C nets # Auckland C v1 & 255.255.255.0 = 192.156.165.0: Return, 1; # DECUSLINK v1 & 255.255.255.0 = 192.251.230.0: Return, 1; # CLEARFIELD v1 & 255.255.255.0 = 202.12.104.0 : Return, 1; # DSE v1 & 255.255.255.0 = 202.12.105.0 : Return, 1; # FPNET v1 & 255.255.255.0 = 202.14.100.0 : Return, 1; # STATUS v1 & 255.255.255.0 = 202.14.102.0 : Return, 1; # KCBBS v1 & 255.255.255.0 = 202.14.216.0 : Return, 1; # MANUKAU v1 & 255.255.255.0 = 202.14.217.0 : Return, 1; # MALEFICARUM v1 & 255.255.255.0 = 202.14.252.0 : Return, 1; # NETBLK-CRAYCOM v1 & 255.255.255.0 = 202.14.253.0 : Return, 1; # NETBLK-CRAYCOM v1 & 255.255.255.0 = 202.14.254.0 : Return, 1; # NETBLK-CRAYCOM # Canterbury C v1 & 255.255.255.0 = 192.73.21.0 : Return, 2; # TUIA-DSIR-1 v1 & 255.255.255.0 = 192.101.16.0 : Return, 2; # CHMEDS v1 & 255.255.255.0 = 192.122.180.0: Return, 2; # WAIRCNET v1 & 255.255.255.0 = 192.124.160.0: Return, 2; # NSFCHCH v1 & 255.255.255.0 = 192.146.218.0: Return, 2; # SOUTHPOWER1 v1 & 255.255.255.0 = 192.188.241.0: Return, 2; # WRONZ-LAN-1 v1 & 255.255.255.0 = 192.203.99.0 : Return, 2; # CHCHPOLY-NET v1 & 255.255.255.0 = 192.231.84.0 : Return, 2; # EQUINOX-NZ v1 & 255.255.255.0 = 192.245.36.0 : Return, 2; # HINDIN-NET # Lincoln CRI C v1 & 255.255.255.0 = 192.133.31.0 : Return, 5; # SCOTT-NET v1 & 255.255.255.0 = 192.231.35.0 : Return, 5; # ND # Massey C v1 & 255.255.255.0 = 192.150.218.0: Return, 6; # NZCRILEVIN v1 & 255.255.255.0 = 192.150.220.0: Return, 6; # NZCRIFH # MoRST v1 & 255.255.255.0 = 192.88.85.0 : Return, 7; # MORST # National Library C v1 & 255.255.255.0 = 192.122.171.0: Return, 9; # NATLIB-NZ v1 & 255.255.255.0 = 202.12.91.0 : Return, 9; # NATLIB-NZ2 # Netway C v1 & 255.255.255.0 = 192.84.253.0 : Return, 10; # NETWAY # Otago C v1 & 255.255.255.0 = 192.156.225.0: Return, 11; # PMAIL v1 & 255.255.255.0 = 202.7.0.0 : Return, 11; # DUNEDIN-CITY1 v1 & 255.255.255.0 = 202.7.1.0 : Return, 11; # DUNEDIN-CITY2 # Ruakura C v1 & 255.255.255.0 = 192.102.92.0 : Return, 12; # AEIRUAKURA-1 # VUW C v1 & 255.255.255.0 = 192.54.130.0 : Return, 14; # WCC v1 & 255.255.255.0 = 192.88.190.0 : Return, 14; # WRC v1 & 255.255.255.0 = 192.100.53.0 : Return, 14; # ACTRIX v1 & 255.255.255.0 = 192.105.10.0 : Return, 14; # MINEDU v1 & 255.255.255.0 = 192.112.148.0: Return, 14; # NZINTAFFAIRS v1 & 255.255.255.0 = 192.188.71.0 : Return, 14; # RESINFONZ v1 & 255.255.255.0 = 192.190.108.0: Return, 14; # WCCNZ-NET-2 v1 & 255.255.255.0 = 192.203.154.0: Return, 14; # DISCOVERYNET v1 & 255.255.255.0 = 202.6.5.0 : Return, 14; # BEDROOM v1 & 255.255.255.0 = 202.12.101.0 : Return, 14; # TOPNZ1 v1 & 255.255.255.0 = 202.12.102.0 : Return, 14; # TOPNZ2 v1 & 255.255.255.0 = 202.12.103.0 : Return, 14; # TOPNZ3 v1 & 255.255.255.0 = 202.14.106.0 : Return, 14; # WNMEDS v1 & 255.255.255.0 = 202.14.218.0 : Return, 14; # NZVCC v1 & 255.255.255.0 = 202.20.80.0 : Return, 14; # COMMS-NZ v1 & 255.255.255.0 = 202.20.93.0 : Return, 14; # VUWIG # Waikato C v1 & 255.255.255.0 = 192.107.172.0: Return, 15; # TUIA-WAIKATO-2 v1 & 255.255.255.0 = 192.146.150.0: Return, 15; # BOPRCNET v1 & 255.255.255.0 = 202.12.76.0 : Return, 15; # TARANAKI1 v1 & 255.255.255.0 = 202.12.77.0 : Return, 15; # TARANAKI2 v1 & 255.255.255.0 = 202.14.96.0 : Return, 15; # LIVESTOCK v1 & 255.255.255.0 = 202.20.65.0 : Return, 15; # MIDLAND v1 & 255.255.255.0 = 202.20.79.0 : Return, 15; # WAIDC # Wallaceville C v1 & 255.255.255.0 = 192.111.102.0: Return, 16; # MAFTECH-NC v1 & 255.255.255.0 = 192.245.94.0 : Return, 16; # UHCOLLEGE # Unconnected C v1 & 255.255.255.0 = 192.67.168.0 : Return, 18; # BCL v1 & 255.255.255.0 = 192.73.80.0 : Return, 18; # MASSEY-C1 v1 & 255.255.255.0 = 192.73.81.0 : Return, 18; # MASSEY-C2 v1 & 255.255.255.0 = 192.86.12.0 : Return, 18; # MOF v1 & 255.255.255.0 = 192.88.119.0 : Return, 18; # WELGASCO v1 & 255.255.255.0 = 192.94.169.0 : Return, 18; # GPNET v1 & 255.255.255.0 = 192.92.102.0 : Return, 18; # CCCNET v1 & 255.255.255.0 = 192.102.254.0: Return, 18; # STATISTICSNZ v1 & 255.255.255.0 = 192.104.252.0: Return, 18; # BRDGPCFC v1 & 255.255.255.0 = 192.107.112.0: Return, 18; # AUCKRCNET v1 & 255.255.255.0 = 192.107.113.0: Return, 18; # KNOWLEDGENET v1 & 255.255.255.0 = 192.107.171.0: Return, 18; # TUIA-WAIKATO-1 v1 & 255.255.255.0 = 192.108.218.0: Return, 18; # ARC-SIMFACNET v1 & 255.255.255.0 = 192.108.220.0: Return, 18; # ARC-KAOFACNET v1 & 255.255.255.0 = 192.108.239.0: Return, 18; # DATAMARK-NZ v1 & 255.255.255.0 = 192.124.18.0 : Return, 18; # CCCNET1 v1 & 255.255.255.0 = 192.124.24.0 : Return, 18; # NZ-APMB v1 & 255.255.255.0 = 192.133.66.0 : Return, 18; # TRANSIT_NZ v1 & 255.255.255.0 = 192.138.251.0: Return, 18; # GESNET v1 & 255.255.255.0 = 192.146.133.0: Return, 18; # MIRINZNET v1 & 255.255.255.0 = 192.146.219.0: Return, 18; # SOUTHPOWER2 v1 & 255.255.255.0 = 192.147.151.0: Return, 18; # BCLAUCK v1 & 255.255.255.0 = 192.147.152.0: Return, 18; # BCLCHCH v1 & 255.255.255.0 = 192.147.153.0: Return, 18; # OWDJIMNET v1 & 255.255.255.0 = 192.150.144.0: Return, 18; # UNIFORUMNZ v1 & 255.255.255.0 = 192.150.219.0: Return, 18; # NZCRIHAST v1 & 255.255.255.0 = 192.153.251.0: Return, 18; # CRI-NET v1 & 255.255.255.0 = 192.161.128.0: Return, 18; # NETWAY-1 v1 & 255.255.255.0 = 192.161.129.0: Return, 18; # NETWAY-2 v1 & 255.255.255.0 = 192.203.85.0 : Return, 18; # NETBLK-EYNZ v1 & 255.255.255.0 = 192.203.95.0 : Return, 18; # NETBLK-EYNZ v1 & 255.255.255.0 = 192.231.183.0: Return, 18; # HEALTHNZ v1 & 255.255.255.0 = 202.1.14.0 : Return, 18; # NET-HEALTHNZ-8 v1 & 255.255.255.0 = 202.6.104.0 : Return, 18; # DIA1 v1 & 255.255.255.0 = 202.6.105.0 : Return, 18; # DI275 v1 & 255.255.255.0 = 202.6.110.0 : Return, 18; # IRL-DEMO v1 & 255.255.255.0 = 202.14.69.0 : Return, 18; # KARERENET1 v1 & 255.255.255.0 = 202.14.70.0 : Return, 18; # KARERENET2 v1 & 255.255.255.0 = 202.14.71.0 : Return, 18; # KARERENET3 v1 & 255.255.255.0 = 202.14.72.0 : Return, 18; # KARERENET v1 & 255.255.255.0 = 202.20.76.0 : Return, 18; # SANS v1 & 255.255.255.0 = 202.20.102.0 : Return, 18; # AGCTRL v1 & 255.255.255.0 = 202.20.103.0 : Return, 18; # AGLINC v1 & 255.255.255.0 = 202.20.104.0 : Return, 18; # AGGRASS # Null & 0 = 0 : Return, 19; # Not an NZ net # FORMAT FlowRuleSet FlowIndex FirstTime " " SourcePeerType SourcePeerAddress DestPeerAddress " " SourceTransType SourceTransAddress DestTransAddress " " ToPDUs FromPDUs " " ToOctets FromOctets; # STATISTICS # Collect meter statistics # # end of file