Greets Paul, Ben,
For most networks there is no reason to see these on the wires:
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
192.0.0.0/24
223.255.255.0/24
255.255.255.128/25
127.0.0.0/8
128.0.0.0/16
This is by no means a complete list, but something useful to apply to
borders.
cheers,
.truman.boyes.
---------------------------------------------
Don't suspect your friends -- turn them in!
-- "Brazil"
On Mon, 12 Feb 2001, Ben Nagy wrote:
> > -----Original Message-----
> > From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, 10 February 2001 12:22
> > To: Mark Teicher
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: Getting hit from 10.1.1.169
> >
> >
> > On Fri, 9 Feb 2001, Mark Teicher wrote:
> >
> > > If your upstream provider or Service Provider does not filter private
> > > addresses, ask them to do so, and suggest the following filter changes to them
> > >
> > > !Block RFC 1918 on inbound interface from Service Provider
> > > access-list 150 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 150 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 150 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > > access-list 150 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> >
> > If anyone's applying this on their border router or asking an ISP to do
> > so, *please* *please* *please* also apply it outbound on the external
> > interface.
>
> Amen.
>
> [snip]
> >
> > Also, it's worth adding the default PnP DHCP address range (which I don't
> > have handy at the moment) to the list.
>
> 169.254.0.0/16, isn't it?
>
> > I'd also add stuff sourced from 0.0.0.0 and 255.n.n.n.
>
> [snip]
>
> > Paul
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
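
Added example (not part of the original messages): a short Python script that merges the prefixes named in this thread, renders them as source-address deny entries with the matching wildcard masks, and checks flow records in both directions, as Paul asks. The `any` destination, the function names and the sample flows are assumptions of this example; the prefix list dates from 2001, so compare it with the current IANA special-purpose registry before deploying it.

```python
import ipaddress

# Prefixes named in the thread (2001); "255.n.n.n" is written here as 255.0.0.0/8
# and "sourced from 0.0.0.0" as 0.0.0.0/32. Both readings are assumptions.
THREAD_PREFIXES = [
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.0.0.0/24",
    "223.255.255.0/24", "255.255.255.128/25", "127.0.0.0/8", "128.0.0.0/16",
    "169.254.0.0/16", "0.0.0.0/32", "255.0.0.0/8",
]

def collapse(prefixes):
    """Parse and merge prefixes so covered entries (the /25 under 255/8) drop out."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def acl_lines(prefixes, acl_id=150):
    """Render 'deny ip <net> <wildcard> any'; the wildcard is the inverted netmask."""
    return [f"access-list {acl_id} deny ip {n.network_address} {n.hostmask} any"
            for n in collapse(prefixes)]

def matching_prefix(addr, prefixes=THREAD_PREFIXES):
    """Return the listed prefix that contains addr, or None if it is not listed."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in collapse(prefixes) if ip in n), None)

def audit(flows, prefixes=THREAD_PREFIXES):
    """flows: (direction, src, dst). Flag listed sources inbound AND outbound."""
    hits = []
    for direction, src, _dst in flows:
        hit = matching_prefix(src, prefixes)
        if hit:
            hits.append((direction, src, hit))
    return hits

# Constructed sample flows as seen on the external interface (not real traffic).
SAMPLE_FLOWS = [
    ("in", "10.1.1.169", "203.0.113.10"),
    ("in", "198.51.100.7", "203.0.113.10"),
    ("out", "192.168.4.20", "198.51.100.7"),
    ("out", "203.0.113.10", "198.51.100.7"),
    ("in", "169.254.12.1", "203.0.113.10"),
]

if __name__ == "__main__":
    print("\n".join(acl_lines(THREAD_PREFIXES)))
    for hit in audit(SAMPLE_FLOWS):
        print(hit)
```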