06-24-2003 09:15 PM - edited 03-02-2019 08:23 AM
Hi. I was reading this article posted on searchnetworking.com (http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci851604,00.html).
In it he suggested that you block addresses called "bogons" on your external interface and suggested this document: http://www.iana.org/assignments/ipv4-address-space. I used Notepad to extract all block ranges that were IANA reserved and got this list:
0
1
2
5
7
23
27
31
36
37
39
41
42
58
59
70-79
83-127
173-187
189-190
197
223
224-239=multicast
240-255
Is that document telling me that since they are reserved they are not in use on the Internet, and therefore I should never see IPs originating from these networks and should block them from coming into my network?
06-25-2003 09:08 AM
Your list looks fairly accurate in terms of IANA reserved networks. You can block these, but run the small risk of some of these networks being released on the Internet. You would have to adjust your list accordingly, but as of right now, if you are not using things like multicast, then you are safe in blocking them. Also, don't forget the biggest "bogons" of them all. I am referring to the RFC1918 ranges of 10.x.x.x/8, 172.16.x.x/12 and 192.168.x.x/16. A large majority of spoofed IP packets originate from these ranges.
HTH
-Joe
06-25-2003 12:11 PM
Thanks, Joe, for your insight. Have a good one!
-Mike
06-25-2003 06:12 PM
Keep in mind that by filtering unused address space, you're implicitly accepting the responsibility of keeping these filters up to date. See http://puck.nether.net/~jared/papers/69-paper.html for an example of what happens when filters aren't updated upon new IANA IP allocations.
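Added example, not part of any post in this thread: a Python sketch that expands the first-octet list from the question plus the RFC1918 ranges into a filter, tests source addresses against it, and reports which filter entries have gone stale. The function names and the `later_allocations` sample are constructed for illustration; a real check would read the current IANA registry.

```python
import ipaddress

# First octets listed in the question as IANA-reserved (June 2003 snapshot).
RESERVED_2003 = ("0 1 2 5 7 23 27 31 36 37 39 41 42 58 59 70-79 83-127 "
                 "173-187 189-190 197 223 224-239 240-255")
# RFC1918 private ranges mentioned in the reply.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def expand_octets(spec):
    """Turn '70-79 197' style first-octet tokens into a list of /8 networks."""
    nets = []
    for token in spec.split():
        lo, _, hi = token.partition("-")
        for octet in range(int(lo), int(hi or lo) + 1):
            nets.append(ipaddress.ip_network(f"{octet}.0.0.0/8"))
    return nets

def build_filter(spec=RESERVED_2003):
    """Reserved /8s from the list plus the RFC1918 ranges."""
    return expand_octets(spec) + [ipaddress.ip_network(n) for n in RFC1918]

def is_bogon(src, filt):
    """True if an inbound source address falls inside any filtered range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in filt)

def stale_entries(filt, allocated):
    """Filter entries overlapping space that has since been allocated.

    Traffic from those ranges is legitimate, so the entries must be removed.
    """
    alloc = [ipaddress.ip_network(a) for a in allocated]
    hits = {f for f in filt for a in alloc if f.overlaps(a)}
    return [str(n) for n in sorted(hits)]

if __name__ == "__main__":
    filt = build_filter()
    # Constructed sample source addresses seen on the external interface.
    for src in ["192.168.1.5", "172.32.0.1", "100.1.2.3", "8.8.8.8"]:
        print(src, "drop" if is_bogon(src, filt) else "permit")
    # Constructed sample of allocations made after the filter was written.
    later_allocations = ["83.0.0.0/8", "173.16.0.0/12"]
    print("remove from filter:", stale_entries(filt, later_allocations))
```

Running the staleness check whenever the registry changes is the maintenance burden the last reply describes.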