RE: RFC 1918 filtering on ISP Edge router

From: Annu Roopa (annu_roopa@yahoo.com)
Date: Sun Apr 25 2004 - 14:32:49 GMT-3


Kenneth and group,
 
Thanks to all who took time to answer and clarify my doubts. I have another Q on the same topic which went unanswered. I would like to know what are MSoft reserved addresses which I see keep getting mentioned in Documents and on Gstudy.
 
I think the only reserved MS address is the one when IP does not get allocated to a MS device by DHCP and it chooses 169.0.254.1. Is this address right or are there ANY other addresses I should be aware of? Unfortunately I am not very Msoft savvy but would be eager to know of any document or URL which discusses this.
 
Thanks again,
Annu

 

Kenneth Wygand <KWygand@customonline.com> wrote:

Anna,

 

Please read below. All this information is in the original document, Router Security Configuration Guide, published by SNAC and NSA. I'd attach the document but Groupstudy doesn't accept attachments, so you can download the document from the following link:

 

http://nsa2.www.conxion.com/cisco/download.htm

 

<snip>

IP Address Spoof Protection

The filtering suggestions in this sub-section are applicable to border routers, and most interior routers. With backbone routers, it is not always feasible to define inbound and outbound.

Inbound Traffic

Do not allow any inbound IP packet that contains an IP address from the internal network (e.g., 14.2.6.0), any local host address (127.0.0.0/8), the link-local DHCP default network (169.254.0.0/16), the documentation/test network (192.0.2.0/24), or any reserved private addresses (refer to RFC 1918) in the source field. Also, if your network does not need multicast traffic, then block the IP multicast address range (224.0.0.0/4). Apply this access list to the external interface of the router, as shown in the transcript below.

</snip>

 

Let me know if I can be of any further help!

 

Kenneth E. Wygand
Systems Engineer, Project Services

CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA, Network+, A+
Custom Computer Specialists, Inc.

"I am not really smart. I just stick with problems longer."
-Albert Einstein


 

-----Original Message-----
From: Annu Roopa [mailto:annu_roopa@yahoo.com]
Sent: Saturday, April 24, 2004 11:21 PM
To: Kenneth Wygand; Carlos Marchini; ccielab@groupstudy.com
Subject: RE: RFC 1918 filtering on ISP Edge router

 

Kenneth & group,

 

Can someone shed some more light on what these addresses are and who uses them - I mean which protocol or application. What's their use? Could not find info on this.

 

East(config)# access-list 100 deny ip 14.2.6.0 0.0.0.255 any log
East(config)# access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
East(config)# access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
East(config)# access-list 100 deny ip 224.0.0.0 15.255.255.255 any log

Also in some Cisco documents it says block all Microsoft reserved addresses. Which are these, so that they cover them all?

 

Thanks for your answers.

Annu.




This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:55 GMT-3
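
Added example, not part of the original thread or of the NSA guide: a Python sketch that renders the source ranges named in the quoted guide excerpt as IOS-style deny entries with wildcard masks, and checks which range a given source address falls in. The function names, the ACL number default and the sample addresses are assumptions made for illustration; the /24 length for 14.2.6.0 is taken from the access-list line quoted in the thread.

```python
import ipaddress

# Source ranges listed in the quoted guide excerpt, plus the three RFC 1918
# blocks it refers to. 14.2.6.0 is the guide's example internal network.
BLOCKED_SOURCES = [
    ("internal network (guide's example)", "14.2.6.0/24"),
    ("loopback", "127.0.0.0/8"),
    ("link-local / DHCP default", "169.254.0.0/16"),
    ("documentation/test network", "192.0.2.0/24"),
    ("RFC 1918 private", "10.0.0.0/8"),
    ("RFC 1918 private", "172.16.0.0/12"),
    ("RFC 1918 private", "192.168.0.0/16"),
    ("multicast (only if unused)", "224.0.0.0/4"),
]


def acl_lines(acl_number=100):
    """Render one 'deny ... log' entry per range using IOS wildcard masks.

    Only the deny entries are produced. An IOS ACL ends in an implicit
    deny, so permit entries for wanted traffic still have to follow.
    """
    lines = []
    for _, cidr in BLOCKED_SOURCES:
        net = ipaddress.ip_network(cidr)
        # hostmask is the inverse of the netmask, i.e. the wildcard mask.
        lines.append(f"access-list {acl_number} deny ip "
                     f"{net.network_address} {net.hostmask} any log")
    return lines


def match_source(addr):
    """Return the label of the first range containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for label, cidr in BLOCKED_SOURCES:
        if ip in ipaddress.ip_network(cidr):
            return label
    return None


if __name__ == "__main__":
    print("\n".join(acl_lines()))
    # Constructed sample source addresses, not taken from any real capture.
    for src in ["169.254.10.7", "169.0.254.1", "172.31.255.9",
                "172.32.0.1", "198.51.100.4"]:
        result = match_source(src) or "not matched by these entries"
        print(f"{src:15} -> {result}")
```
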