RE: Administrativly scooped address

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Jul 23 2004 - 17:37:40 GMT-3

• Next message: James: "Re: RV: AS-PATH REGEXP QUESTION!!!"
• Previous message: Wang Dehong-DWANG1: "ISIS mutiple area question.."
• Maybe in reply to: alsontra@hotmail.com: "Administrativly scooped address"
• Next in thread: Scott Morris: "RE: Administrativly scooped address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Al,

        No. RFC 1918 only defines 10.0.0.0/8, 172.16.0.0/12, and
192.168.0.0/16 as private.

http://www.internetworkexpert.com/rfc/rfc1918.txt

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
> Sent: Friday, July 23, 2004 5:33 PM
> To: Brian McGahan; ccielab@groupstudy.com
> Subject: Re: Administrativly scooped address
>
> Thanks Brain/All
>
> but..... I'm only interested in verifying 1918 addresses. Would the
> following be considered complete?
>
> > > ip access-list extended RFC1918
> > > deny ip 10.0.0.0 0.255.255.255 any
> > > deny ip 172.16.0.0 0.15.255.255 any
> > > deny ip 192.168.0.0 0.0.255.255 any
> > > deny ip 224.0.0.0 15.255.255.255 any
> > > deny ip 240.0.0.0 15.255.255.255 any
> > > permit ip any any
> > >
>
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: <alsontra@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Friday, July 23, 2004 11:33 AM
> Subject: RE: Administrativly scooped address
>
>
> > Al,
> >
> > It depends what you are trying to match, as there is a big
> > difference between "private" addresses and "reserved" addresses.
> >
> > "Private" addresses refer to those defined in RFC1918. These
> > are the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 addresses.
> >
> > "Reserved" addresses refer to a *much* larger block of
> > addresses, and (just to name a few) include the following:
> >
> > 0.0.0.0/8
> > 1.0.0.0/8
> > 2.0.0.0/8
> > 5.0.0.0/8
> > 7.0.0.0/8
> > 23.0.0.0/8
> > 27.0.0.0/8
> > 31.0.0.0/8
> > 36.0.0.0/8
> > 37.0.0.0/8
> > 39.0.0.0/8
> > 41.0.0.0/8
> > 42.0.0.0/8
> > 71.0.0.0/8
> > 72.0.0.0/8
> > 73.0.0.0/8
> > 74.0.0.0/8
> > 75.0.0.0/8
> > 76.0.0.0/8
> > 77.0.0.0/8
> > 78.0.0.0/8
> > 79.0.0.0/8
> > 89.0.0.0/8
> > 90.0.0.0/8
> > 91.0.0.0/8
> > 92.0.0.0/8
> > 93.0.0.0/8
> > 94.0.0.0/8
> > 95.0.0.0/8
> > 96.0.0.0/8
> > 97.0.0.0/8
> > 98.0.0.0/8
> > 99.0.0.0/8
> > 100.0.0.0/8
> > 101.0.0.0/8
> > 102.0.0.0/8
> > 103.0.0.0/8
> > 104.0.0.0/8
> > 105.0.0.0/8
> > 106.0.0.0/8
> > 107.0.0.0/8
> > 108.0.0.0/8
> > 109.0.0.0/8
> > 110.0.0.0/8
> > 111.0.0.0/8
> > 112.0.0.0/8
> > 113.0.0.0/8
> > 114.0.0.0/8
> > 115.0.0.0/8
> > 116.0.0.0/8
> > 117.0.0.0/8
> > 118.0.0.0/8
> > 119.0.0.0/8
> > 120.0.0.0/8
> > 121.0.0.0/8
> > 122.0.0.0/8
> > 123.0.0.0/8
> > 124.0.0.0/8
> > 125.0.0.0/8
> > 126.0.0.0/8
> > 127.0.0.0/8
> > 173.0.0.0/8
> > 174.0.0.0/8
> > 175.0.0.0/8
> > 176.0.0.0/8
> > 177.0.0.0/8
> > 178.0.0.0/8
> > 179.0.0.0/8
> > 180.0.0.0/8
> > 181.0.0.0/8
> > 182.0.0.0/8
> > 183.0.0.0/8
> > 184.0.0.0/8
> > 185.0.0.0/8
> > 186.0.0.0/8
> > 187.0.0.0/8
> > 189.0.0.0/8
> > 190.0.0.0/8
> > 197.0.0.0/8
> > 223.0.0.0/8
> > 240.0.0.0/8
> > 241.0.0.0/8
> > 242.0.0.0/8
> > 243.0.0.0/8
> > 244.0.0.0/8
> > 245.0.0.0/8
> > 246.0.0.0/8
> > 247.0.0.0/8
> > 248.0.0.0/8
> > 249.0.0.0/8
> > 250.0.0.0/8
> > 251.0.0.0/8
> > 252.0.0.0/8
> > 253.0.0.0/8
> > 254.0.0.0/8
> > 255.0.0.0/8
> >
> > There are also many addresses that are not included in the
> > "reserved" range that are not valid addresses. These addresses are
> > tracked on a list called the "bogon" list, and are addresses that
are
> > not yet allocated, hence not valid (bogus). For more info on the
bogon
> > list see:
> >
> > http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf
> > Of
> > > alsontra@hotmail.com
> > > Sent: Thursday, July 22, 2004 10:42 PM
> > > To: ccielab@groupstudy.com
> > > Subject: Administrativly scooped address
> > >
> > > Group,
> > > If asked to block private ip and multicast ranges, would
the
> > > following accomplish the task? I'm assuming there is an error in
> > there
> > > somewhere. I've checked this several times, but apparently I'm
somehow
> > > making
> > > mistakes?
> > >
> > > ADMIN SCOPE FOR IPV4-
> > >
> > > ip access-list extended RFC1918
> > > deny ip 10.0.0.0 0.255.255.255 any
> > > deny ip 172.16.0.0 0.15.255.255 any
> > > deny ip 192.168.0.0 0.0.255.255 any
> > > deny ip 224.0.0.0 15.255.255.255 any
> > > deny ip 240.0.0.0 15.255.255.255 any
> > > permit ip any any
> > >
> > > ADMIN SCOPE FOR IPV4 MULTICAST
> > >
> > > ip access-list extended RFC2365
> > > deny ip 239.0.0.0 0.255.255.255 any
> > > permit ip any any
> > >
> > > Thanks,
> > > Alsontra
> > >
> > >
> >

• Next message: James: "Re: RV: AS-PATH REGEXP QUESTION!!!"
• Previous message: Wang Dehong-DWANG1: "ISIS mutiple area question.."
• Maybe in reply to: alsontra@hotmail.com: "Administrativly scooped address"
• Next in thread: Scott Morris: "RE: Administrativly scooped address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3