RE: Administrativly scooped address

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Jul 23 2004 - 15:33:34 GMT-3

• Next message: Larry: "RE: Host keyword on Lock and Key"
• Previous message: mcodina@nwncable.com: "RE: Re: Lab test re-read"
• Maybe in reply to: alsontra@hotmail.com: "Administrativly scooped address"
• Next in thread: alsontra@hotmail.com: "Re: Administrativly scooped address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Al,

        It depends what you are trying to match, as there is a big
difference between "private" addresses and "reserved" addresses.
        
        "Private" addresses refer to those defined in RFC1918. These
are the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 addresses.

        "Reserved" addresses refer to a *much* larger block of
addresses, and (just to name a few) include the following:

0.0.0.0/8
1.0.0.0/8
2.0.0.0/8
5.0.0.0/8
7.0.0.0/8
23.0.0.0/8
27.0.0.0/8
31.0.0.0/8
36.0.0.0/8
37.0.0.0/8
39.0.0.0/8
41.0.0.0/8
42.0.0.0/8
71.0.0.0/8
72.0.0.0/8
73.0.0.0/8
74.0.0.0/8
75.0.0.0/8
76.0.0.0/8
77.0.0.0/8
78.0.0.0/8
79.0.0.0/8
89.0.0.0/8
90.0.0.0/8
91.0.0.0/8
92.0.0.0/8
93.0.0.0/8
94.0.0.0/8
95.0.0.0/8
96.0.0.0/8
97.0.0.0/8
98.0.0.0/8
99.0.0.0/8
100.0.0.0/8
101.0.0.0/8
102.0.0.0/8
103.0.0.0/8
104.0.0.0/8
105.0.0.0/8
106.0.0.0/8
107.0.0.0/8
108.0.0.0/8
109.0.0.0/8
110.0.0.0/8
111.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
120.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
127.0.0.0/8
173.0.0.0/8
174.0.0.0/8
175.0.0.0/8
176.0.0.0/8
177.0.0.0/8
178.0.0.0/8
179.0.0.0/8
180.0.0.0/8
181.0.0.0/8
182.0.0.0/8
183.0.0.0/8
184.0.0.0/8
185.0.0.0/8
186.0.0.0/8
187.0.0.0/8
189.0.0.0/8
190.0.0.0/8
197.0.0.0/8
223.0.0.0/8
240.0.0.0/8
241.0.0.0/8
242.0.0.0/8
243.0.0.0/8
244.0.0.0/8
245.0.0.0/8
246.0.0.0/8
247.0.0.0/8
248.0.0.0/8
249.0.0.0/8
250.0.0.0/8
251.0.0.0/8
252.0.0.0/8
253.0.0.0/8
254.0.0.0/8
255.0.0.0/8

        There are also many addresses that are not included in the
"reserved" range that are not valid addresses. These addresses are
tracked on a list called the "bogon" list, and are addresses that are
not yet allocated, hence not valid (bogus). For more info on the bogon
list see:

http://www.completewhois.com/bogons/data/bogons-cidr-all.txt

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> alsontra@hotmail.com
> Sent: Thursday, July 22, 2004 10:42 PM
> To: ccielab@groupstudy.com
> Subject: Administrativly scooped address
>
> Group,
> If asked to block private ip and multicast ranges, would the
> following accomplish the task? I'm assuming there is an error in
there
> somewhere. I've checked this several times, but apparently I'm somehow
> making
> mistakes?
>
> ADMIN SCOPE FOR IPV4-
>
> ip access-list extended RFC1918
> deny ip 10.0.0.0 0.255.255.255 any
> deny ip 172.16.0.0 0.15.255.255 any
> deny ip 192.168.0.0 0.0.255.255 any
> deny ip 224.0.0.0 15.255.255.255 any
> deny ip 240.0.0.0 15.255.255.255 any
> permit ip any any
>
> ADMIN SCOPE FOR IPV4 MULTICAST
>
> ip access-list extended RFC2365
> deny ip 239.0.0.0 0.255.255.255 any
> permit ip any any
>
> Thanks,
> Alsontra
>
>

• Next message: Larry: "RE: Host keyword on Lock and Key"
• Previous message: mcodina@nwncable.com: "RE: Re: Lab test re-read"
• Maybe in reply to: alsontra@hotmail.com: "Administrativly scooped address"
• Next in thread: alsontra@hotmail.com: "Re: Administrativly scooped address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3