Re: IP reserved networks

From: David C Prall (dcp@xxxxxxxxxxx)
Date: Thu Jul 20 2000 - 13:42:07 GMT-3

• Next message: Ron.Fuller@xxxxxx: "DS-3"
• Previous message: Brian S turner: "RE: Wan Utilizaion tool"
• Maybe in reply to: Leonardo Gebbia: "IP reserved networks"
• Next in thread: Leonardo Gebbia: "RE: IP reserved networks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I would go to the ARIN web page, http://www.arin.net, and do a whois on
RESERVED. Currently all class A's 66 and above are reserved, use to be
65 and above, but ARIN just made an annoucement that they would be
issuing addresses from 65 beginning shortly.

David C Prall dcp@dcptech.com http://dcp.dcptech.com
----- Original Message -----
From: "Leonardo Gebbia" <gebbia@ictc.it>
To: "Ccielab" <ccielab@groupstudy.com>
Sent: Thursday, July 20, 2000 12:27 PM
Subject: IP reserved networks

> Hi,
> I would like to ask you one question, regarding reserved IP addresses.
> I'm working on an ISP's backbone security.
> I'm trying to find out all the entries for the ingress and egress
> antispoofing ACL.
> Dealing with ingress ACL, we should apply this policy:
>
>
> Router(config)#access-list 10 deny <ISP address plan>
> Router(config)#access-list 10 deny <all IP address reserved> (I'm not
really
> sure about it)
> Router(config)#access-list 10 deny 0.0.0.0 0.255.255.255 (Historical
> Broadcast)
> Router(config)#access-list 10 deny 10.0.0.0 0.255.255.255 (private
> addresses)
> Router(config)#access-list 10 deny 127.0.0.0 0.255.255.255 (loopback)
> Router(config)#access-list 10 deny 169.254.0.0 0.0.255.255 (Link
Local
> Networks)
> Router(config)#access-list 10 deny 172.16.0.0 0.15.255.255 (private
> addresses)
> Router(config)#access-list 10 deny 192.0.2.0 0.0.0.255 (TEST-NET)
> Router(config)#access-list 10 deny 192.168.0.0 0.0.255.255 (private
> addresses)
> Router(config)#access-list 10 deny 224.0.0.0 31.255.255.255
(multicast,
> class E, broadcast)
> Router(config)#access-list 10 permit any
>
> My question is:
> Must we deny all the traffic coming from a source belonging to an IP
> reserved address, or only some reserved netwoks?
> In case we must deny only some reserved networks, do you know which
one of
> them?
>
> All IP reserved are listed in RFC 1166.
> Is there any RFC that updates the previous one?
> I have found a web site http://ipindex.dragonstar.net/ in which are
> specified all IP addresses. The information included in this site is a
bit
> different from the one in RFC 1166. Which is the good one?
>
>
> Thank you and Best Regards.
>
>
> Leonardo Gebbia
> I.C.T. Consulting S.r.l.
> Via V. Pisani 22, 20124 Milano, Italy
> mobile +39 0335 7424953
> office +39 02 67642250
> fax +39 02 67642243
> e-mail: mailto:gebbia@ictc.it
>
>
>

• Next message: Ron.Fuller@xxxxxx: "DS-3"
• Previous message: Brian S turner: "RE: Wan Utilizaion tool"
• Maybe in reply to: Leonardo Gebbia: "IP reserved networks"
• Next in thread: Leonardo Gebbia: "RE: IP reserved networks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:56 GMT-3