from http://www.liquifried.com/docs/security/reservednets.html

"For security purposes, reserved addresses should be prevented from both
entering and leaving a network (i.e. ingress and egress filtering).
Ideally, this filtering will be multi-layer in nature; at a minimum, this
sort of filtering should be done at the border of a network."

This morning I found an established TCP connection between
[EMAIL PROTECTED]:43060 and [EMAIL PROTECTED]:2005
(IP address [EMAIL PROTECTED]:2005, an IANA reserved address).
Whois does not return any info on the IP name. The connection
seems to be incoming only (15718 packets at last check). I put
a block all from 5.0.0.0/24 in pf.conf. Additionally, as of this morning,
the # on the keyboard displayed as a British Pound sign in console
mode until I logged off and logged back in.



On Thursday 29 December 2005 12:32, eric wrote:
> On Thu, 2005-12-29 at 11:38:22 -0500, Dave Feustel proclaimed...
> 
> > Has anyone on the list experience with using pf to
> > block ip addresses in the iana reserved ip address ranges list?
> 
> I don't think any of us have ever thought of that.
> 
> Oh wait..I may have... run this out of cron weekly
> 
> #!/bin/sh
> #; $Id: gbogl.sh,v 1.3 2005/01/28 04:47:16 epancer Exp $
> #; a small tool to grab bogon list from team cymru
> #;
> 
> PATH="/usr/bin:/bin:/usr/sbin:/sbin"
> BOGONFILE="/etc/bogon.txt"
> BOGONURL="http://www.cymru.com/Documents/bogon-bn-nonagg.txt";
> 
> checkfile () {
>  if [ ! -f $BOGONFILE ]; then
>   echo "! $BOGONFILE must exist, exiting."
>   exit 2
>  fi
> }
> 
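> getnewfile () {
>  # fetch to a temp file first so a failed download cannot empty the table file
>  TMPFILE=`mktemp /tmp/bogon.XXXXXX` || exit 1
>  if lynx -dump "$BOGONURL" > "$TMPFILE" && [ -s "$TMPFILE" ]; then
>   mv "$TMPFILE" "$BOGONFILE"
>  else
>   rm -f "$TMPFILE"
>   echo "! fetch of $BOGONURL failed, keeping old $BOGONFILE"
>   exit 1
>  fi
> }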
> 
> fixperm () {
> chmod 644 $BOGONFILE
> }
> 
> logmsg () {
> logger -p kern.notice "rewrote $BOGONFILE"
> }
> 
> checkfile
> getnewfile
> fixperm
> logmsg
> 
> exit 0
> 
> 
> Then...
> 
> table <bogon> persist file "/etc/bogon.txt"
> 
> Somewhere in your pf.conf.
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
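
The cron script quoted above writes whatever it fetches over plain HTTP into the file that pf loads as <bogon>. As an added example (not part of the original thread or of eric's script), here is a check that could run on the download before it replaces /etc/bogon.txt; the function names and the MIN_PREFIX and MIN_ENTRIES thresholds are assumptions made here.

```shell
#!/bin/sh
# Added example: validate a fetched bogon list before pf is allowed to load it.
# MIN_PREFIX and MIN_ENTRIES are assumed policy values, not from the original post.
MIN_PREFIX=3     # refuse very wide nets (0.0.0.0/0 in the table would block everything)
MIN_ENTRIES=5    # a near-empty list usually means a failed or altered download

# valid_cidr ADDR/LEN: succeeds only for a well-formed IPv4 CIDR within policy
valid_cidr () {
  case "$1" in
    *[!0-9./]*|*/*/*|"") return 1 ;;   # HTML, error text, stray characters
    */*) ;;
    *) return 1 ;;                     # no prefix length given
  esac
  addr=${1%/*}; len=${1#*/}
  case "$addr" in .*|*.|*..*) return 1 ;; esac
  case "$len" in ""|*[!0-9]*) return 1 ;; esac
  [ "${#len}" -le 2 ] && [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ""|*[!0-9]*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# check_bogon_file FILE: succeeds only if every entry is valid and there are enough
check_bogon_file () {
  count=0
  while read -r entry rest || [ -n "$entry" ]; do
    case "$entry" in ""|"#"*) continue ;; esac      # skip blanks and comments
    if [ -n "$rest" ] || ! valid_cidr "$entry"; then
      echo "rejecting $1: bad entry '$entry $rest'" >&2
      return 1
    fi
    count=$((count + 1))
  done < "$1"
  [ "$count" -ge "$MIN_ENTRIES" ]
}

# Constructed demo input (not real feed data)
demo=$(mktemp)
printf '%s\n' '# demo' 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 > "$demo"
check_bogon_file "$demo" && echo "demo list accepted"
rm -f "$demo"
```

In the cron job, fetch to a temporary file, run check_bogon_file on it, and only then move it into place and reload the table with `pfctl -t bogon -T replace -f /etc/bogon.txt`.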
