Yes, according to RFC 1918 the ranges:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

should be blocked by your ISP from getting on to the wires.  However, I
have dealt with 5 major ISPs (digex, UUnet, PSI, et al to name a few)
that DO NOT follow, nor do they want to follow this RFC.  They would not
give any reasons as to why and frankly I don't see why any major ISP would
want to carry extra 'junk' traffic on their backbones.  The only solution is
to block it at your incoming serial interface.  I.e. w/ a cisco something
like this:

access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip 255.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip 207.238.162.0 0.0.0.255 any

This will:

1) block the private address ranges
2) block the loopback address (127.0.0.*) which should also not be forwarded
3) block any packets WITHOUT a source address
4) block any packets that have a source address from within MY network
   (i.e. spoofing)
5) block any packets coming from a 'broadcast' network



Steve
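An added check, not part of Steve's message or any vendor code, that models the matching rule behind the access-list above: an IOS wildcard mask has 1-bits in the positions that are ignored, the list is walked top to bottom, and an unmatched packet hits the implicit deny. It assumes a trailing `permit ip any any` follows the deny lines, as a deployed list would need, and the firewall log line is a constructed copy of the quoted one with the redacted local address filled in from the 207.238.162.0/24 entry.

```python
import ipaddress
import re

# Constructed copy of the access-list from the message above, with the
# trailing permit that a deployed list needs (assumption, not in the post).
ACL_103 = """
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip 255.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip 207.238.162.0 0.0.0.255 any
access-list 103 permit ip any any
"""

# Constructed log line in the format of the quoted kernel message; the
# destination 207.238.162.10 stands in for the redacted "<our IP address>".
SAMPLE_LOG = ("Jun  7 05:48:53 mitsi kernel: IP fw-in rej ppp0 UDP "
              "192.168.5.192:137 207.238.162.10:137 L=78 S=0x00 I=50150 F=0x0000 T=105")

LOG_SRC = re.compile(r"fw-in rej \S+ \w+ (\d+\.\d+\.\d+\.\d+):\d+")


def parse_acl(text):
    """Return (action, network, wildcard) triples as 32-bit ints, in list order."""
    entries = []
    for line in text.strip().splitlines():
        fields = line.split()
        # access-list <num> <action> ip <source> [<wildcard>] <dest> ...
        action, src = fields[2], fields[4:]
        if src[0] == "host":            # single address, nothing ignored
            net, wc = src[1], "0.0.0.0"
        elif src[0] == "any":           # every bit ignored
            net, wc = "0.0.0.0", "255.255.255.255"
        else:
            net, wc = src[0], src[1]
        entries.append((action, int(ipaddress.IPv4Address(net)),
                        int(ipaddress.IPv4Address(wc))))
    return entries


def acl_action(entries, src_ip):
    """First matching entry wins; a 1-bit in the wildcard means 'don't care'."""
    addr = int(ipaddress.IPv4Address(src_ip))
    for action, net, wc in entries:
        care = ~wc & 0xFFFFFFFF
        if addr & care == net & care:
            return action
    return "deny"   # IOS appends an implicit deny to every access-list


def log_source(line):
    """Pull the source address out of an 'IP fw-in rej' kernel log line."""
    m = LOG_SRC.search(line)
    return m.group(1) if m else None
```

Running `acl_action(parse_acl(ACL_103), log_source(SAMPLE_LOG))` shows the 192.168.5.192 hits from the quoted log would be dropped by the third line of the list, while a 172.32.0.1 source falls past the /12 mask and is permitted.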

----- Original Message -----
From: Bruce Stephens <[EMAIL PROTECTED]>
To: at Linux-Net <[EMAIL PROTECTED]>
Sent: Sunday, June 06, 1999 19:36
Subject: Illegal IP addresses???


> Hi y'all
>
> I'm getting a few hits on one of our Linux systems from an external
> 192.168.x.x address.
>
> Now please feel free to correct me but I thought 192.168.x.x addresses
> were not permitted on the Internet!! (Class C range)
>
> Yet this firewall is showing the following
>
> Jun  7 05:48:53 mitsi kernel: IP fw-in rej ppp0 UDP 192.168.5.192:137 <our
> IP address>:137 L=78 S=0x00 I=50150 F=0x0000 T=105
> The hits are in rapid succession (up to 100 trying various IP addresses)
>
> Note the port...
> -  netbios-ns      137/tcp         nbns
> -  netbios-ns      137/udp         nbns
>
> so is this another illegal Windoze system?
> We have had similar attempts from 192.168.1.65 as well.
>
> PS We do use 192.168.0.x addresses ourselves (internally only through a
> masquerade) but do not use addresses in the 192.168.1.x or 192.168.5.x
> networks. AND we certainly DON'T use Windoze anywhere. (MacOS and Linux).
> Your thoughts would be appreciated.
> Bruce.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
>
