FW: RFC 1918 filtering on ISP Edge router

From: Carlos Marchini (cmarchini@signetdiagnostic.com)
Date: Sun Apr 25 2004 - 15:27:18 GMT-3


If I am not mistaken they are talking about the 127.0.0.1 address or as
Microsoft calls it localhost address. I don't know if the 169.0.254.0
address is a Microsoft registered address. I think this is DHCP reserved
address not specific to Microsoft.

What I wonder is if we are supposed to block all the 127.0.0.0
0.255.255.255 network or only the 127.0.0.1 0.0.0.0 address? And what
does Cisco consider a Microsoft registered address? (Maybe both
127.x.x.x and 169.0.254.x network)

Does anyone know a good Cisco link for this subject?

Thanks,
Carlos

Annu Roopa wrote:

>Kenneth and group,
>
>Thanks to all who took time to answer and clarify my doubts. I have another
>Q on the same topic which went unanswered. I would like to know what are
>MSoft reserved addresses which I see keep getting mentioned in Documents and
>on Gstudy.
>
>I think the only reserved MS address is the one when IP does not get
>allocated to a MS device by DHCP and it chooses 169.0.254.1. Is this address
>right or are there ANY other addresses I should be aware of? Unfortunately I
>am not very Msoft savvy but would be eager to know of any document or URL
>which discusses this.
>
>Thanks again,
>Annu
>
>Kenneth Wygand <KWygand@customonline.com> wrote:
>
>Annu,
>
>Please read below. All this information is in the original document,
>Router Security Configuration Guide published by SNAC and NSA. I'd attach
>the document but Groupstudy doesn't accept attachments, so you can download
>the document from the following link:
>
>http://nsa2.www.conxion.com/cisco/download.htm
>
><snip>
>
>IP Address Spoof Protection
>
>The filtering suggestions in this sub-section are applicable to border
>routers, and most interior routers. With backbone routers, it is not always
>feasible to define inbound and outbound.
>
>Inbound Traffic
>
>Do not allow any inbound IP packet that contains an IP address from the
>internal network (e.g., 14.2.6.0), any local host address (127.0.0.0/8), the
>link-local DHCP default network (169.254.0.0/16), the documentation/test
>network (192.0.2.0/24), or any reserved private addresses (refer to RFC 1918)
>in the source field. Also, if your network does not need multicast traffic,
>then block the IP multicast address range (224.0.0.0/4). Apply this access
>list to the external interface of the router, as shown in the transcript
>below.
>
></snip>
>
>Let me know if I can be of any further help!
>
>Kenneth E. Wygand
>Systems Engineer, Project Services
>CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
>Network+, A+
>Custom Computer Specialists, Inc.
>
>"I am not really smart. I just stick with problems longer."
>-Albert Einstein
>
>Custom Computer Specialists, Inc.
>"Celebrating 25 Years of Excellence"
>
>-----Original Message-----
>From: Annu Roopa [mailto:annu_roopa@yahoo.com]
>Sent: Saturday, April 24, 2004 11:21 PM
>To: Kenneth Wygand; Carlos Marchini; ccielab@groupstudy.com
>Subject: RE: RFC 1918 filtering on ISP Edge router
>
>
>Kenneth & group,
>
>Can someone shed some more light on what these addresses are and who uses
>them - I mean which protocol or application. What's their use? Could not
>find info on this.
>
>East(config)# access-list 100 deny ip 14.2.6.0 0.0.0.255 any log
>East(config)# access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
>East(config)# access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
>East(config)# access-list 100 deny ip 224.0.0.0 15.255.255.255 any log
>
>Also in some Cisco documents it says block all Microsoft reserved
>addresses. Which are these so that they cover them all?
>
>Thanks for your answers.
>
>Annu.
>
>



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:55 GMT-3
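
Added example (not part of the original thread or of the quoted guide): a short Python check that turns the source prefixes named in the quoted guide excerpt into the same style of `access-list 100 deny ... log` lines and applies Cisco wildcard-mask matching to a few constructed source addresses, showing how an entry for 127.0.0.0 0.255.255.255 differs from one for 127.0.0.1 0.0.0.0. The function names and the sample addresses are assumptions made for illustration; the three RFC 1918 blocks are written out explicitly.

```python
import ipaddress

# Source prefixes from the quoted guide excerpt. 14.2.6.0/24 is the guide's
# example internal network; 10/8, 172.16/12 and 192.168/16 are the RFC 1918
# blocks it refers to; 224.0.0.0/4 applies only if multicast is not needed.
BOGON_SOURCES = [
    "14.2.6.0/24", "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
]

def acl_line(prefix, acl=100):
    """Render a prefix as an extended-ACL deny entry with a wildcard mask."""
    net = ipaddress.ip_network(prefix)
    return f"access-list {acl} deny ip {net.network_address} {net.hostmask} any log"

def wildcard_match(src, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def first_match(src, prefixes=BOGON_SOURCES):
    """Return the first listed prefix whose ACL entry would match src, else None."""
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        if wildcard_match(src, str(net.network_address), str(net.hostmask)):
            return prefix
    return None

if __name__ == "__main__":
    for prefix in BOGON_SOURCES:
        print(acl_line(prefix))
    # Constructed sample source addresses, for illustration only.
    for src in ("127.0.0.1", "127.5.6.7", "169.254.10.20", "169.0.254.1", "8.8.8.8"):
        print(f"{src:15} -> {first_match(src) or 'not matched by any entry'}")
    # A host-only entry (127.0.0.1 0.0.0.0) misses the rest of 127.0.0.0/8.
    print(wildcard_match("127.5.6.7", "127.0.0.1", "0.0.0.0"))
```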