RE: Administrativly scooped address

From: Scott Morris (swm@emanon.com)
Date: Fri Jul 23 2004 - 17:42:27 GMT-3

Unless your told to, why are you including multicast and expirimental
ranges?

By your wording, the 1918 addresses are:

3. Private Address Space

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0 - 10.255.255.255 (10/8 prefix)
     172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
     192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

(Which of course, could be verified by going to google and searching for RFC
1918) :)

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIP, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
alsontra@hotmail.com
Sent: Friday, July 23, 2004 6:33 PM
To: Brian McGahan; ccielab@groupstudy.com
Subject: Re: Administrativly scooped address

Thanks Brain/All

but..... I'm only interested in verifying 1918 addresses. Would the
following be considered complete?

> > ip access-list extended RFC1918
> > deny ip 10.0.0.0 0.255.255.255 any
> > deny ip 172.16.0.0 0.15.255.255 any
> > deny ip 192.168.0.0 0.0.255.255 any
> > deny ip 224.0.0.0 15.255.255.255 any
> > deny ip 240.0.0.0 15.255.255.255 any
> > permit ip any any
> >

----- Original Message -----
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
To: <alsontra@hotmail.com>; <ccielab@groupstudy.com>
Sent: Friday, July 23, 2004 11:33 AM
Subject: RE: Administrativly scooped address

> Al,
>
> It depends what you are trying to match, as there is a big
> difference between "private" addresses and "reserved" addresses.
>
> "Private" addresses refer to those defined in RFC1918. These
> are the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 addresses.
>
> "Reserved" addresses refer to a *much* larger block of
> addresses, and (just to name a few) include the following:
>
> 0.0.0.0/8
> 1.0.0.0/8
> 2.0.0.0/8
> 5.0.0.0/8
> 7.0.0.0/8
> 23.0.0.0/8
> 27.0.0.0/8
> 31.0.0.0/8
> 36.0.0.0/8
> 37.0.0.0/8
> 39.0.0.0/8
> 41.0.0.0/8
> 42.0.0.0/8
> 71.0.0.0/8
> 72.0.0.0/8
> 73.0.0.0/8
> 74.0.0.0/8
> 75.0.0.0/8
> 76.0.0.0/8
> 77.0.0.0/8
> 78.0.0.0/8
> 79.0.0.0/8
> 89.0.0.0/8
> 90.0.0.0/8
> 91.0.0.0/8
> 92.0.0.0/8
> 93.0.0.0/8
> 94.0.0.0/8
> 95.0.0.0/8
> 96.0.0.0/8
> 97.0.0.0/8
> 98.0.0.0/8
> 99.0.0.0/8
> 100.0.0.0/8
> 101.0.0.0/8
> 102.0.0.0/8
> 103.0.0.0/8
> 104.0.0.0/8
> 105.0.0.0/8
> 106.0.0.0/8
> 107.0.0.0/8
> 108.0.0.0/8
> 109.0.0.0/8
> 110.0.0.0/8
> 111.0.0.0/8
> 112.0.0.0/8
> 113.0.0.0/8
> 114.0.0.0/8
> 115.0.0.0/8
> 116.0.0.0/8
> 117.0.0.0/8
> 118.0.0.0/8
> 119.0.0.0/8
> 120.0.0.0/8
> 121.0.0.0/8
> 122.0.0.0/8
> 123.0.0.0/8
> 124.0.0.0/8
> 125.0.0.0/8
> 126.0.0.0/8
> 127.0.0.0/8
> 173.0.0.0/8
> 174.0.0.0/8
> 175.0.0.0/8
> 176.0.0.0/8
> 177.0.0.0/8
> 178.0.0.0/8
> 179.0.0.0/8
> 180.0.0.0/8
> 181.0.0.0/8
> 182.0.0.0/8
> 183.0.0.0/8
> 184.0.0.0/8
> 185.0.0.0/8
> 186.0.0.0/8
> 187.0.0.0/8
> 189.0.0.0/8
> 190.0.0.0/8
> 197.0.0.0/8
> 223.0.0.0/8
> 240.0.0.0/8
> 241.0.0.0/8
> 242.0.0.0/8
> 243.0.0.0/8
> 244.0.0.0/8
> 245.0.0.0/8
> 246.0.0.0/8
> 247.0.0.0/8
> 248.0.0.0/8
> 249.0.0.0/8
> 250.0.0.0/8
> 251.0.0.0/8
> 252.0.0.0/8
> 253.0.0.0/8
> 254.0.0.0/8
> 255.0.0.0/8
>
> There are also many addresses that are not included in the
> "reserved" range that are not valid addresses. These addresses are
> tracked on a list called the "bogon" list, and are addresses that are
> not yet allocated, hence not valid (bogus). For more info on the bogon
> list see:
>
> http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > alsontra@hotmail.com
> > Sent: Thursday, July 22, 2004 10:42 PM
> > To: ccielab@groupstudy.com
> > Subject: Administrativly scooped address
> >
> > Group,
> > If asked to block private ip and multicast ranges, would the
> > following accomplish the task? I'm assuming there is an error in
> there
> > somewhere. I've checked this several times, but apparently I'm somehow
> > making
> > mistakes?
> >
> > ADMIN SCOPE FOR IPV4-
> >
> > ip access-list extended RFC1918
> > deny ip 10.0.0.0 0.255.255.255 any
> > deny ip 172.16.0.0 0.15.255.255 any
> > deny ip 192.168.0.0 0.0.255.255 any
> > deny ip 224.0.0.0 15.255.255.255 any
> > deny ip 240.0.0.0 15.255.255.255 any
> > permit ip any any
> >
> > ADMIN SCOPE FOR IPV4 MULTICAST
> >
> > ip access-list extended RFC2365
> > deny ip 239.0.0.0 0.255.255.255 any
> > permit ip any any
> >
> > Thanks,
> > Alsontra
> >
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
> from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3