RE: Filtering RFC 1918

From: Scott Morris (swm@emanon.com)
Date: Sun May 21 2006 - 11:00:55 ART


If you are asked for RFC1918 addresses, I would do JUST those three.

If you are choosing to add others for security stuff, those two are good,
and 169.254.0.0/16 and any of your own internal public IPs.

For that matter, there's an entire list of things called 'bogons' that are
good to filter. But we don't get any extra points for things in the CCIE
lab. So I'd do only what they ask for. No more, no less.

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Chuon
Sent: Sunday, May 21, 2006 8:12 AM
To: Kashif Masood
Cc: marvingreenlee@yahoo.com; ccielab@groupstudy.com
Subject: Re: Filtering RFC 1918

Those three ranges are RFC1918.

I personally would filter out host 0.0.0.0 and 127.0.0.0 0.255.255.255 as
well. What does everyone think about this?

On 5/21/06, Kashif Masood <kashifmasood27@hotmail.com> wrote:
>
> Thanks for your reply. So if we want to deny just the RFC 1918 for
> 172.16.0.0 to 172.31.0.0
>
> the following line is correct.
>
> 172.16.0.0 0.15.255.255
>
> Can you please confirm
>
> Thanks
>
>
>
> >From: Marvin Greenlee <marvingreenlee@yahoo.com>
> >To: Kashif Masood <kashifmasood27@hotmail.com>,
> >ccielab@groupstudy.com
> >Subject: Re: Filtering RFC 1918
> >Date: Sat, 20 May 2006 23:21:20 -0700 (PDT)
> >
> >.15 as a wildcard mask says that you don't care about the last 4
> >bits. This means you are matching a group of 16. The group of 16
> >starts at a multiple of 16, which in this case is 16, so it would
> >match 16 to 31.
> >
> >
> >.31 as a wildcard mask says that you don't care about the last 5
> >bits. This means you are matching a group of 32. The group of 32
> >starts at a multiple of 32, which would be 0, and would cover 0 to 31
> >(excess overlap)
> >
> >
> >--- Kashif Masood <kashifmasood27@hotmail.com> wrote:
> >
> > > Hi Team:
> > >
> > > This may be a very basic question, but I am confused about which
> > > access-list is right
> > >
> > > We know that the private address range is 172.16.0.0 - 172.31.0.0 /12
> > >
> > > So if we have to filter RFC 1918 addresses, which access-list is
> > > right
> > >
> > > access-list 10 deny 172.16.0.0 0.15.255.255
> > >
> > > or
> > >
> > > access-list 10 deny 172.16.0.0 0.31.255.255
> > >
> > > Your input will be highly appreciated.
> > >
> > > Thanks
> > >
> >
>
>
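Added example, not from any poster in this thread: a small Python check of the wildcard-mask arithmetic discussed above. It expands an address/wildcard pair into the range it matches, converts it to a CIDR prefix where one exists, and tests sample source addresses against the deny entries the thread mentions (the three RFC 1918 ranges plus host 0.0.0.0, 127.0.0.0/8 and 169.254.0.0/16). Function names and the sample addresses are my own.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _ints(address, wildcard):
    return int(ipaddress.IPv4Address(address)), int(ipaddress.IPv4Address(wildcard))

def wildcard_range(address, wildcard):
    """First and last IPv4 address matched by a Cisco ACL address/wildcard pair.
    A 1 bit in the wildcard means 'don't care', a 0 bit means 'must match'."""
    addr, wc = _ints(address, wildcard)
    first = addr & (~wc & MASK32)   # clear every don't-care bit
    last = addr | wc                # set every don't-care bit
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def equivalent_prefix(address, wildcard):
    """CIDR form of the pair, or None when the wildcard is not a contiguous
    run of low-order 1 bits (then no single prefix expresses the match)."""
    _, wc = _ints(address, wildcard)
    if wc & (wc + 1):               # 0...01...1 is the only shape that passes
        return None
    first, _ = wildcard_range(address, wildcard)
    return f"{first}/{32 - bin(wc).count('1')}"

def ace_matches(address, wildcard, host):
    """True when `host` is matched by this access-list entry."""
    addr, wc = _ints(address, wildcard)
    return (int(ipaddress.IPv4Address(host)) ^ addr) & (~wc & MASK32) == 0

# Deny entries discussed in the thread: RFC 1918 plus the extras Larry and Scott name.
DENY_ENTRIES = [
    ("10.0.0.0", "0.255.255.255"),
    ("172.16.0.0", "0.15.255.255"),
    ("192.168.0.0", "0.0.255.255"),
    ("0.0.0.0", "0.0.0.0"),         # 'host 0.0.0.0'
    ("127.0.0.0", "0.255.255.255"),
    ("169.254.0.0", "0.0.255.255"),
]

def denied(host, entries=DENY_ENTRIES):
    """True if any entry in the list would deny this source address."""
    return any(ace_matches(a, w, host) for a, w in entries)

if __name__ == "__main__":
    for wc in ("0.15.255.255", "0.31.255.255"):
        print(wc, wildcard_range("172.16.0.0", wc), equivalent_prefix("172.16.0.0", wc))
    for host in ("172.20.1.1", "172.5.1.1", "172.32.0.1", "169.254.10.10"):
        print(host, "denied" if denied(host) else "permitted")
```

Running it shows that 0.31.255.255 widens the match to 172.0.0.0/11, so a public address such as 172.5.1.1 would be dropped along with the private range.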



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART