Juniper security appnote + martians
Gents,

I thought I would pose the martians question here as well... I'm trying to find out additional information on the reasoning behind adding these martians to Juniper's security appnote found on their website:

Prefix            Description
19.255.0.0/16     Ford Motor Company
129.156.0.0/16    Sun Microsystems
192.5.0.0/24      no match
192.9.200.0/24    no match
192.9.99.0/24     Sun Microsystems

I don't see a single reference to these in Cisco's IOS Essentials
www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip,
Bill Manning's draft,
www.ietf.org/internet-drafts/draft-manning-dsua-08.txt
or Rob T's Bogon List.
www.cymru.com/Documents/bogon-list.html

I base my bogon filtering for the JUNOS Secure Template and JUNOS Secure BGP Template at
www.qorbit.net/documents/junos-template.pdf
www.qorbit.net/documents/junos-bgp-template.pdf
www.qorbit.net/documents/junos-bgp-appnote.pdf
on Rob's list.

What are your thoughts on filtering the above prefixes? Are some of these worthy of being added to the master bogon list?

Now, on to some of Juniper default martians:

128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24

These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.

Thoughts?

-- steve
Re: Juniper security appnote + martians
> Now, on to some of Juniper default martians:
>
> 128.0.0.0/16
> 191.255.0.0/16
> 192.0.0.0/24
> 223.255.255.0/24
>
> These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.
>
> Thoughts?
>
> -- steve

These nets were the boundary networks that defined classful delegations. To round it out properly, one should include the following:

0.255.255.0/24
126.0.0.0/24
127.255.255.0/24
... and the top end of the D space

With the advent of classless addressing (circa 1997) these martian spaces are vestigial. They can be assigned although it is unlikely that they will be placed into active use until there is much more of the v4 space delegated.

The IANA draft is retro by including them as special. They aren't these days.

--bill
Re: Juniper security appnote + martians
> Gents,
>
> I thought I would pose the martians question here as well... I'm trying to find out additional information on the reasoning behind adding these martians to Juniper's security appnote found on their website:
>
> Prefix            Description
> 19.255.0.0/16     Ford Motor Company
> 129.156.0.0/16    Sun Microsystems
> 192.5.0.0/24      no match
> 192.9.200.0/24    no match
> 192.9.99.0/24     Sun Microsystems

A number of these prefixes were used in early documentation and as such were widely deployed by early adopters of IP. In the bad old days a large number of sites stood up IP networks in isolation, only interconnecting -after- initial rollout was done. Consider it as an early empirical trial with RFC 1918 space :)

Based on the confusion, 192.0.2.0/24 was earmarked for use in documentation... :)

I know of no good reason why Juniper continues to flag these legacy blocks.

--bill
RE: Juniper security appnote + martians
So as not to cause confusion, the complete current JUNOS martian list is:

0.0.0.0/8
127.0.0.0/8
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24
240.0.0.0/4

My questions were on a select portion of these, and a portion of the ones listed in the security appnote on their website.

Cheers,
-- steve

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 24, 2002 10:53 AM
To: Stephen Gill
Cc: [EMAIL PROTECTED]
Subject: Re: Juniper security appnote + martians

> Now, on to some of Juniper default martians:
>
> 128.0.0.0/16
> 191.255.0.0/16
> 192.0.0.0/24
> 223.255.255.0/24
>
> These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.
>
> Thoughts?
>
> -- steve

These nets were the boundary networks that defined classful delegations. To round it out properly, one should include the following:

0.255.255.0/24
126.0.0.0/24
127.255.255.0/24
... and the top end of the D space

With the advent of classless addressing (circa 1997) these martian spaces are vestigial. They can be assigned although it is unlikely that they will be placed into active use until there is much more of the v4 space delegated.

The IANA draft is retro by including them as special. They aren't these days.

--bill
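
Added example, not part of the original thread or of any Juniper code: it derives the first and last network of each classful range (A, B, C) and compares them with the JUNOS martian list quoted above, then checks addresses against that list by longest match. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# JUNOS default martian list exactly as quoted in the thread (2002 snapshot).
JUNOS_MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4")]

# Classful address ranges: first address, last address, network prefix length.
CLASSES = {
    "A": ("0.0.0.0", "127.255.255.255", 8),
    "B": ("128.0.0.0", "191.255.255.255", 16),
    "C": ("192.0.0.0", "223.255.255.255", 24),
}

def boundary_networks():
    """Return {network: label} for the first and last network of each class."""
    found = {}
    for name, (first, last, plen) in CLASSES.items():
        lo = ipaddress.ip_network(f"{first}/{plen}")
        # strict=False masks the host bits, giving the network holding `last`.
        hi = ipaddress.ip_network(f"{last}/{plen}", strict=False)
        found[lo] = f"first class {name} network"
        found[hi] = f"last class {name} network"
    return found

def explain_martians():
    """Label each JUNOS martian with its classful role, if it has one."""
    roles = boundary_networks()
    return {str(n): roles.get(n, "not a class A/B/C boundary")
            for n in JUNOS_MARTIANS}

def match_martian(addr):
    """Return the most specific martian prefix covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in JUNOS_MARTIANS if ip in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

if __name__ == "__main__":
    for prefix, role in explain_martians().items():
        print(f"{prefix:18} {role}")
    # Constructed sample addresses, chosen to hit and miss the list.
    for sample in ("191.255.3.4", "192.0.2.1", "129.156.1.1", "250.1.1.1"):
        print(sample, "->", match_martian(sample))
```

Six of the seven entries fall out of the classful boundaries; only 240.0.0.0/4 does not, and neither the appnote prefixes nor 192.0.2.0/24 match the default list.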