Greets Paul, Ben,

For most networks there is no reason to see these on the wires:

192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
192.0.0.0/24
223.255.255.0/24
255.255.255.128/25
127.0.0.0/8
128.0.0.0/16

This is by no means a complete list, but something useful to apply to
borders.

cheers,
.truman.boyes.
---------------------------------------------
Don't suspect your friends -- turn them in!                             
                -- "Brazil"


On Mon, 12 Feb 2001, Ben Nagy wrote:

> > -----Original Message-----
> > From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, 10 February 2001 12:22 
> > To: Mark Teicher
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: Getting hit from 10.1.1.169
> > 
> > 
> > On Fri, 9 Feb 2001, Mark Teicher wrote:
> > 
> > > If your upstream provider or Service Provider does not filter private
> > > addresses, ask them to do so, and suggest the following filter changes
> > > to them
> > > 
> > > !Block RFC 1918 on inbound interface from Service Provider
> > > access-list 150 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 150 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 150 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > > access-list 150 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> > 
> > If anyone's applying this on their border router or asking an ISP to do
> > so, *please* *please* *please* also apply it outbound on the external
> > interface.
> 
> Amen.
> 
> [snip]
> > 
> > Also, it's worth adding the default PnP DHCP address range (which I don't
> > have handy at the moment) to the list.
> 
> 169.254.0.0/16, isn't it?
> 
> > I'd also add stuff sourced from
> > 0.0.0.0 and 255.n.n.n.
> 
> [snip]
> 
> > Paul
> 
> Cheers,
> 
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520  PGP Key ID: 0x1A86E304
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
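
The prefix list from this thread turned into source-address deny lines and a source check over constructed log lines, as an added example that is not part of any poster's message. The function names, the log format, the destination `any` and the closing permit line are assumptions of this example; the list dates from 2001, so compare it with the current IANA special-purpose registry before deploying it.

```python
import ipaddress

# Prefixes as listed in the message, plus the two additions raised in the
# quoted replies (169.254.0.0/16 and traffic sourced from 0.0.0.0).
THREAD_PREFIXES = [
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.0.0.0/24",
    "223.255.255.0/24", "255.255.255.128/25", "127.0.0.0/8",
    "128.0.0.0/16", "169.254.0.0/16", "0.0.0.0/32",
]
NETS = [ipaddress.ip_network(p) for p in THREAD_PREFIXES]

def acl_lines(acl_id=150):
    """Render the list as source-address denies in wildcard-mask form."""
    lines = []
    for net in NETS:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"
        # Destination "any" is an assumption of this example.
        lines.append(f"access-list {acl_id} deny ip {src} any")
    # Without a final permit the implicit deny would drop everything else.
    lines.append(f"access-list {acl_id} permit ip any any")
    return lines

def match_prefix(addr):
    """Return the listed prefix that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in NETS if ip in n), None)

def audit(log_lines):
    """Return (direction, source, prefix) for lines with a listed source."""
    hits = []
    for line in log_lines:
        direction, src, _dst = line.split()
        prefix = match_prefix(src)
        if prefix:
            hits.append((direction, src, prefix))
    return hits

# Constructed sample in a made-up "<in|out> <src> <dst>" format.
SAMPLE = [
    "in 10.1.1.169 198.51.100.7", "in 203.0.113.9 198.51.100.7",
    "out 192.168.4.20 203.0.113.9", "out 198.51.100.7 203.0.113.9",
]

if __name__ == "__main__":
    print("\n".join(acl_lines()), audit(SAMPLE), sep="\n")
```

An "out" hit in the audit is the case the quoted reply asks people to filter as well: a listed source address leaving through the external interface.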
