From: Alex H. Ryu (r.hyunseog@ieee.org)
Date: Tue Feb 17 2009 - 18:17:44 ARST
In the real world, you may want to block packets from the following ranges.
0.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
127.0.0.0/8
192.0.2.0/24
169.254.0.0/16
224.0.0.0/4
240.0.0.0/4
That's about it.
These are what are called "Martian" IP addresses.
http://www.faqs.org/rfcs/rfc1812.html
For the rest, you may want to check the bogon list, which is
frequently updated.
http://www.cymru.com/Documents/bogon-list.html
Also, if you know your inside LAN IP address range, you may want to add that
for Internet inbound on the WAN interface or something like that.
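As an added example (not code from this thread or from any of its authors), the Python below encodes the three RFC 1918 prefixes and the "Martian" list above, evaluates candidate prefixes against them with the first-match, `le 32` semantics of an IOS prefix-list entry such as `deny 10.0.0.0/8 le 32`, and renders the list as IOS configuration lines. The prefix-list name `BOGONS`, the sequence-number step of 5, and the flow records are assumptions constructed for the example. It also shows the two caveats raised in the thread: 24/8 is not in the list and passes, and `le 32` does not catch an aggregate such as 10.0.0.0/7 that is shorter than the denied prefix.

```python
import ipaddress

# Added example, not code from the thread. The RFC 1918 set and the wider
# "Martian" list come from the message above; the prefix-list name BOGONS and
# the sequence-number step of 5 are assumptions.

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

MARTIANS = (
    "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "192.0.2.0/24", "169.254.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)

# Entries as (action, prefix, le): "deny 10.0.0.0/8 le 32" -> ("deny", "10.0.0.0/8", 32).
# The trailing permit mirrors the "permit 0.0.0.0/0 le 32" line quoted in the thread.
PREFIX_LIST = [("deny", p, 32) for p in MARTIANS] + [("permit", "0.0.0.0/0", 32)]


def entry_matches(entry, candidate):
    """IOS-style match: the candidate's first <len> bits equal the entry's
    network, and the candidate's own prefix length lies within [len, le]."""
    _action, net, le = entry
    entry_net = ipaddress.ip_network(net)
    return (entry_net.prefixlen <= candidate.prefixlen <= le
            and candidate.subnet_of(entry_net))


def prefix_list_action(prefix_list, candidate):
    """Return the action of the first matching entry; an IOS prefix list
    ends in an implicit deny when nothing matches."""
    cand = ipaddress.ip_network(candidate, strict=False)
    for entry in prefix_list:
        if entry_matches(entry, cand):
            return entry[0]
    return "deny"


def is_rfc1918(addr):
    """True only for the three prefixes RFC 1918 actually defines."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in RFC1918)


def is_martian(addr):
    """True for any address in the wider Martian list posted above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in MARTIANS)


def render_prefix_list(name, prefix_list, step=5):
    """Render the entries as IOS 'ip prefix-list' configuration lines."""
    return [
        f"ip prefix-list {name} seq {i * step} {action} {net} le {le}"
        for i, (action, net, le) in enumerate(prefix_list, start=1)
    ]


def spoofed_sources(flows, prefix_list):
    """Given constructed (src, dst) flow records seen on the Internet-facing
    interface, return the sources the prefix list would have dropped, i.e.
    packets claiming a source that cannot legitimately arrive from outside."""
    return [src for src, _dst in flows
            if prefix_list_action(prefix_list, src + "/32") == "deny"]


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    sample_flows = [
        ("8.8.8.8", "203.0.113.10"),
        ("10.1.1.1", "203.0.113.10"),     # RFC 1918 source from outside: spoofed
        ("127.0.0.1", "203.0.113.10"),    # loopback source from outside: spoofed
        ("24.5.6.7", "203.0.113.10"),     # 24/8 is real cable-customer space
    ]
    print("\n".join(render_prefix_list("BOGONS", PREFIX_LIST)))
    print("dropped sources:", spoofed_sources(sample_flows, PREFIX_LIST))
    print("10.0.0.0/7 ->", prefix_list_action(PREFIX_LIST, "10.0.0.0/7"))
```

Run it to print the rendered prefix list and the two dropped sources; note that `10.0.0.0/7` is permitted, since an entry written `10.0.0.0/8 le 32` only matches prefixes of length 8 through 32, which is why these lists are applied to /32 host addresses in an ingress filter rather than relied on to catch shorter aggregates.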
Tyson Scott wrote:
> But before doing this in the real world, beware that the 14 and 24 blocks are
> actually used by cable/digital companies for address blocks to their
> clients. I know I personally am on the 24 block for my home. And in
> reading RFC 3330, 39.0.0.0/8 and many other previously reserved
> address blocks could actually be released for future use on the public
> internet.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S and Security
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Cell: +1.248.504.7309
> Fax: +1.810.454.0130
> Mailto: tscott@ipexpert.com
>
>
>
> -----Original Message-----
> From: Rich Collins [mailto:nilsi2002@gmail.com]
> Sent: Tuesday, February 17, 2009 2:37 PM
> To: Tyson Scott
> Cc: Darby Weaver; John Ciccone; Alexandre Oliveira; Cisco certification
> Subject: Re: Block RFC 1918 Addresses
>
> I had looked at it briefly but admit that I hadn't really read it. So
> the RFC is really just a superset which includes other RFCs such as
> 1918 and 1700?
>
> Then according to this link the complete RFC 3330 set would be:
>
> 0.0.0.0/8
> 10.0.0.0/8
> 14.0.0.0/8
> 24.0.0.0/8
> 39.0.0.0/8
> 127.0.0.0/8
> 128.0.0.0/16
> 169.254.0.0/16
> 172.16.0.0/12
> 191.255.0.0/16
> 192.0.0.0/24
> 192.0.2.0/24
> 192.88.99.0/24
> 192.168.0.0/16
> 198.18.0.0/15
> 223.255.255.0/24
> 224.0.0.0/4
> 240.0.0.0/4
>
>
>
>
> On Tue, Feb 17, 2009 at 11:43 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>
>> Click on the link below and it will give you the detail.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>> Technical Instructor - IPexpert, Inc.
>>
>> Telephone: +1.810.326.1444
>> Cell: +1.248.504.7309
>> Fax: +1.810.454.0130
>> Mailto: tscott@ipexpert.com
>>
>>
>>
>>
>> -----Original Message-----
>> From: Rich Collins [mailto:nilsi2002@gmail.com]
>> Sent: Tuesday, February 17, 2009 11:12 AM
>> To: Darby Weaver
>> Cc: Tyson Scott; John Ciccone; Alexandre Oliveira; Cisco certification
>> Subject: Re: Block RFC 1918 Addresses
>>
>> I've seen the RFC 3330 mentioned before in posts. Would someone know
>> the definitive access list for that one?
>>
>> -Rich
>>
>> On Tue, Feb 17, 2009 at 10:43 AM, Darby Weaver <ccie.weaver@gmail.com>
>> wrote:
>>
>>> If the question said RFC1918 -
>>>
>>> Then answer with RFC1918...
>>>
>>> If the test writer did know the difference and marked you wrong...
>>>
>>> Get the refund.
>>>
>>>
>>>
>>>
>>> On Tue, Feb 17, 2009 at 10:23 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>>
>>>> John,
>>>>
>>>>
>>>>
>>>> What I said below is to bring clarification for the understanding of what
>>>> is/isn't included with the RFC.
>>>>
>>>>
>>>>
>>>> For the test it would purely be a matter of how the question is worded.
>>>> That would then become a time to request clarification from the proctor if
>>>> you are unsure. From my experience it is not typically throttled down into
>>>> only one way of accomplishing tasks so a lot is left to interpretation at
>>>> times.
>>>>
>>>>
>>>>
>>>> And it has always been said on netpro that unless a question says not to
>>>> have extra configuration, extra configuration is typically acceptable.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> Tyson Scott - CCIE #13513 R&S and Security
>>>>
>>>> Technical Instructor - IPexpert, Inc.
>>>>
>>>>
>>>> Telephone: +1.810.326.1444
>>>> Fax: +1.810.454.0130
>>>> Mailto: tscott@ipexpert.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: John Ciccone [mailto:ccie.ciccone@gmail.com]
>>>> Sent: Tuesday, February 17, 2009 10:13 AM
>>>> To: Tyson Scott
>>>> Cc: Alexandre Oliveira; Cisco certification
>>>> Subject: Re: Block RFC 1918 Addresses
>>>>
>>>>
>>>>
>>>> Tyson,
>>>>
>>>>
>>>>
>>>> Thanks, you bring up a good point. If we include the other addresses just
>>>> to be safe, could that be marked as incorrect? And more importantly, how
>>>> are the proctors with regard to clarifying exactly what is required of a
>>>> task?
>>>>
>>>>
>>>>
>>>> John
>>>>
>>>> On Tue, Feb 17, 2009 at 9:58 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>>>
>>>> The 3 addresses are the only ones that are part of RFC 1918. 0.0.0.0/8 is
>>>> part of RFC1700. 169.254.0.0/16 is part of RFC 3330 - Special-Use IPv4
>>>> Addresses. You will also find 127.0.0.0/8 in this RFC. 224.0.0.0/4 is RFC
>>>> 3171 but is included in 3330. Pray they only ask for RFC1918 as RFC 3330
>>>> includes a lot more ;) RFC 3330 is part of the Security exam now.
>>>>
>>>> Often people include other addresses when they ask for 1918 but technically
>>>> it is only the three. If a question didn't say not to include anything else,
>>>> then it can't hurt throwing everything you can think of right ;O
>>>>
>>>> http://www.faqs.org/rfcs/rfc3330.html
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Tyson Scott - CCIE #13513 R&S and Security
>>>>
>>>> Technical Instructor - IPexpert, Inc.
>>>>
>>>> Telephone: +1.810.326.1444
>>>>
>>>> Cell: +1.248.504.7309
>>>>
>>>> Fax: +1.810.454.0130
>>>>
>>>> Mailto: tscott@ipexpert.com
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>> Alexandre Oliveira
>>>>
>>>> Sent: Tuesday, February 17, 2009 9:35 AM
>>>> To: 'Cisco certification'
>>>>
>>>> Subject: RE: Block RFC 1918 Addresses
>>>>
>>>> I've found the same question in my studies. Some exercises inform that
>>>> RFC1918 should also include this:
>>>>
>>>> deny 0.0.0.0/8 le 32
>>>> deny 10.0.0.0/8 le 32
>>>> deny 127.0.0.0/8 le 32
>>>> deny 169.254.0.0/16 le 32
>>>> deny 172.16.0.0/12 le 32
>>>> deny 192.0.2.0/24 le 32
>>>> deny 192.168.0.0/16 le 32
>>>> deny 224.0.0.0/3 le 32
>>>> permit 0.0.0.0/0 le 32
>>>>
>>>> I mean, deny all "non-allowed" or private prefixes and then permit the
>>>> rest.
>>>> Based on John's e-mail below, which group of addresses must we
>>>> consider???
>>>>
>>>> Thanks,
>>>>
>>>> Alexandre.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
>>>> Ciccone
>>>> Sent: Tuesday, February 17, 2009 11:12
>>>> To: Cisco certification
>>>> Subject: Block RFC 1918 Addresses
>>>>
>>>> I recently took a vendor's mock lab where the task asked to block all RFC1918
>>>> addresses. So, I created an access-list and applied it to deny the
>>>> following:
>>>>
>>>> 10.0.0.0/8
>>>> 172.16.0.0/12
>>>> 192.168.0.0/16
>>>>
>>>> I've read RFC1918 from top to bottom, and the above addresses are the only
>>>> ones mentioned. However, upon checking my answers with the solutions, they
>>>> also included the following:
>>>>
>>>> 127.0.0.0/8
>>>> 169.254.0.0/16
>>>>
>>>> Now, while the above addresses are not valid internet addresses, they are
>>>> NOT RFC1918 addresses. If the question stated that I should block non-valid
>>>> internet addresses, then I could see denying the two ip blocks above as
>>>> well. But even in that case, there are at least a half dozen more ipv4
>>>> blocks that are either not valid or not yet allocated for the internet.
>>>>
>>>> My main question is this: If I get the same type of task on the actual lab,
>>>> what do I do? Will the questions be specific enough to leave no doubt
>>>> as to what they are looking for (not only for this type of question, but
>>>> any others as well)? If there are any doubts about what they are looking
>>>> for, how helpful will the proctor be in clarifying?
>>>>
>>>> I am scheduled to take the lab in 3 weeks, so any help would be greatly
>>>> appreciated.
>>>>
>>>> Thanks.
>>>>
>>>> John
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>
>
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST