From: istong@stong.org
Date: Fri Jul 23 2004 - 21:10:03 GMT-3
Looks complete to me if only interested in RFC1918
addresses.
>
> but..... I'm only interested in verifying 1918
> addresses. Would the following be considered complete?
>
> > > ip access-list extended RFC1918
> > > deny ip 10.0.0.0 0.255.255.255 any
> > > deny ip 172.16.0.0 0.15.255.255 any
> > > deny ip 192.168.0.0 0.0.255.255 any
> > > deny ip 224.0.0.0 15.255.255.255 any
> > > deny ip 240.0.0.0 15.255.255.255 any
> > > permit ip any any
> > >
>
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: <alsontra@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Friday, July 23, 2004 11:33 AM
> Subject: RE: Administrativly scooped address
>
>
> > Al,
> >
> > It depends what you are trying to match, as there is a
> > big difference between "private" addresses and
> "reserved" addresses. >
> > "Private" addresses refer to those defined in RFC1918.
> > These are the 10.0.0.0/8, 172.16.0.0/12, and
> 192.168.0.0/16 addresses. >
> > "Reserved" addresses refer to a *much* larger block of
> > addresses, and (just to name a few) include the
> following: >
> > 0.0.0.0/8
> > 1.0.0.0/8
> > 2.0.0.0/8
> > 5.0.0.0/8
> > 7.0.0.0/8
> > 23.0.0.0/8
> > 27.0.0.0/8
> > 31.0.0.0/8
> > 36.0.0.0/8
> > 37.0.0.0/8
> > 39.0.0.0/8
> > 41.0.0.0/8
> > 42.0.0.0/8
> > 71.0.0.0/8
> > 72.0.0.0/8
> > 73.0.0.0/8
> > 74.0.0.0/8
> > 75.0.0.0/8
> > 76.0.0.0/8
> > 77.0.0.0/8
> > 78.0.0.0/8
> > 79.0.0.0/8
> > 89.0.0.0/8
> > 90.0.0.0/8
> > 91.0.0.0/8
> > 92.0.0.0/8
> > 93.0.0.0/8
> > 94.0.0.0/8
> > 95.0.0.0/8
> > 96.0.0.0/8
> > 97.0.0.0/8
> > 98.0.0.0/8
> > 99.0.0.0/8
> > 100.0.0.0/8
> > 101.0.0.0/8
> > 102.0.0.0/8
> > 103.0.0.0/8
> > 104.0.0.0/8
> > 105.0.0.0/8
> > 106.0.0.0/8
> > 107.0.0.0/8
> > 108.0.0.0/8
> > 109.0.0.0/8
> > 110.0.0.0/8
> > 111.0.0.0/8
> > 112.0.0.0/8
> > 113.0.0.0/8
> > 114.0.0.0/8
> > 115.0.0.0/8
> > 116.0.0.0/8
> > 117.0.0.0/8
> > 118.0.0.0/8
> > 119.0.0.0/8
> > 120.0.0.0/8
> > 121.0.0.0/8
> > 122.0.0.0/8
> > 123.0.0.0/8
> > 124.0.0.0/8
> > 125.0.0.0/8
> > 126.0.0.0/8
> > 127.0.0.0/8
> > 173.0.0.0/8
> > 174.0.0.0/8
> > 175.0.0.0/8
> > 176.0.0.0/8
> > 177.0.0.0/8
> > 178.0.0.0/8
> > 179.0.0.0/8
> > 180.0.0.0/8
> > 181.0.0.0/8
> > 182.0.0.0/8
> > 183.0.0.0/8
> > 184.0.0.0/8
> > 185.0.0.0/8
> > 186.0.0.0/8
> > 187.0.0.0/8
> > 189.0.0.0/8
> > 190.0.0.0/8
> > 197.0.0.0/8
> > 223.0.0.0/8
> > 240.0.0.0/8
> > 241.0.0.0/8
> > 242.0.0.0/8
> > 243.0.0.0/8
> > 244.0.0.0/8
> > 245.0.0.0/8
> > 246.0.0.0/8
> > 247.0.0.0/8
> > 248.0.0.0/8
> > 249.0.0.0/8
> > 250.0.0.0/8
> > 251.0.0.0/8
> > 252.0.0.0/8
> > 253.0.0.0/8
> > 254.0.0.0/8
> > 255.0.0.0/8
> >
> > There are also many addresses that are not included in
> > the "reserved" range that are not valid addresses.
> > These addresses are tracked on a list called the "bogon"
> > list, and are addresses that are not yet allocated,
> > hence not valid (bogus). For more info on the bogon
> list see: >
> >
>
http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > > alsontra@hotmail.com
> > > Sent: Thursday, July 22, 2004 10:42 PM
> > > To: ccielab@groupstudy.com
> > > Subject: Administrativly scooped address
> > >
> > > Group,
> > > If asked to block private ip and multicast
> > > ranges, would the following accomplish the task? I'm
> > assuming there is an error in there
> > > somewhere. I've checked this several times, but
> > > apparently I'm somehow making
> > > mistakes?
> > >
> > > ADMIN SCOPE FOR IPV4-
> > >
> > > ip access-list extended RFC1918
> > > deny ip 10.0.0.0 0.255.255.255 any
> > > deny ip 172.16.0.0 0.15.255.255 any
> > > deny ip 192.168.0.0 0.0.255.255 any
> > > deny ip 224.0.0.0 15.255.255.255 any
> > > deny ip 240.0.0.0 15.255.255.255 any
> > > permit ip any any
> > >
> > > ADMIN SCOPE FOR IPV4 MULTICAST
> > >
> > > ip access-list extended RFC2365
> > > deny ip 239.0.0.0 0.255.255.255 any
> > > permit ip any any
> > >
> > > Thanks,
> > > Alsontra
> > >
> > >
> >
> __________________________________________________________
> > > _____________ Please help support GroupStudy by
> > purchasing your study materials from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> __________________________________________________________
> > _____________ Please help support GroupStudy by
> > purchasing your study materials from:
> http://shop.groupstudy.com >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________________
> _____________ Please help support GroupStudy by purchasing
> your study materials from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
______________________________________________
Check Your Email From Any Where in the World!
Tell Your Friends about MyEmail.com!
______________________________________________
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3