Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Oct 1999 02:04:52 -0700
From:      "Jan B. Koum " <jkb@best.com>
To:        Ollivier Robert <roberto@keltia.freenix.fr>, FreeBSD Security ML <freebsd-security@FreeBSD.ORG>
Subject:   Re: anti-spoofing
Message-ID:  <19991014020452.A2240@best.com>
In-Reply-To: <19991004001028.A1795@keltia.freenix.fr>; from Ollivier Robert on Mon, Oct 04, 1999 at 12:10:28AM %2B0200
References:  <10882.991003@cityline.ru> <19991004001028.A1795@keltia.freenix.fr>
next in thread | previous in thread | raw e-mail | index | archive | help 

[sorry about getting here few days late -- way WAY behind on my email]

I think pepole should be blocking the following in addition to rfc1918:


!see http://www.ietf.org/internet-drafts/draft-manning-dsua-01.txt
 deny   ip host 0.0.0.0 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
! example.{com|net}, DHCP default and Multicast
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 224.0.0.0 0.15.255.255 any log


Above is from my cisco router. I'd say first two lines are probably more
important then last three.

-- Yan


On Mon, Oct 04, 1999 at 12:10:28AM +0200, Ollivier Robert <roberto@keltia.freenix.fr> wrote:
> According to Dmitriy Bokiy:
> > Where can I find _the complete_ list of addresses to be blocked?
> 
> RFC-1918.
> 
> It includes the following networks:
> 
>         10.0.0.0/8      (in old pre-CIDR world, a A-class network)
>         172.16.0.0/12   (in old pre-CIDR world, 16 B-class networks)
>         192.168.0.0/16  (in old pre-CIDR world, 256 C-class networks).
> 
> Don't forget to refuse your own prefixes on your incoming interface... That
> is, if you have a.b.c.d/n, you need to refuse this prefix on the incoming
> interface of your router.
> -- 
> Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
> FreeBSD keltia.freenix.fr 4.0-CURRENT #74: Thu Sep  9 00:20:51 CEST 1999
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991014020452.A2240>