
Reserved IP Blocks


Dave

unread,
Sep 9, 2002, 3:59:31 PM9/9/02
to
Where is the current list of reserved IP subnets kept? i.e.
(192.168.0.0) I would like to drop any un-routable/usable packets for
obvious security reasons.

Thanks in advance,
Dave

Mikkel C. Simonsen

unread,
Sep 9, 2002, 4:03:37 PM9/9/02
to
Dave wrote:
>
> Where is the current list of reserved IP subnets kept? i.e.
> (192.168.0.0) I would like to drop any un-routable/usable packets for
> obvious security reasons.

Be sure to use an updated list. Some lists include 80.x as an unused
network, which has caused a lot of problems for people in Denmark...

Best regards,

Mikkel C. Simonsen


> Thanks in advance,
> Dave

James A. Robbins

unread,
Sep 9, 2002, 4:52:05 PM9/9/02
to
----- Original Message -----
From: "Dave" <g0...@cyberedge.net>
To: <ipfi...@coombs.anu.edu.au>
Sent: Monday, September 09, 2002 3:17 PM
Subject: Reserved IP Blocks


> Where is the current list of reserved IP subnets kept? i.e.
> (192.168.0.0) I would like to drop any un-routable/usable packets for
> obvious security reasons.
>

> Thanks in advance,
> Dave

Here is what we block **outgoing**:

#
# Pass outgoing Multicast traffic except for Administratively Scoped packets
#
block in quick from any to 239.0.0.0/8 group 100 # Block Administratively Scoped packets
pass in quick from any to 224.0.0.0/4 group 100 # Pass all other Class D Multicast traffic

#
# Block all source routed packets (along with any other kind of IP option packet)
# (This must take place after the Multicast hole because Multicast uses IP options)
#
block in quick all with ipopt group 100

#
# Block bogus destination addresses from leaving our network
#
block in log quick from any to 192.168.0.0/16 group 100 # RFC 1918 (private) Address Space
block in log quick from any to 172.16.0.0/12 group 100 # "
block in log quick from any to 10.0.0.0/8 group 100 # "
block in quick from any to 127.0.0.0/8 group 100 # Loopback addresses
block in quick from any to 0.0.0.0/8 group 100 # Broadcast addresses
block in quick from any to 128.146.235.255 group 100 # "
block in quick from any to 255.255.255.255 group 100 # "
block in quick from any to 169.254.0.0/16 group 100 # Link Local addresses
block in log quick from any to 192.0.2.0/24 group 100 # Test-Net addresses
block in log quick from any to 240.0.0.0/5 group 100 # Class E Multicast
block in log quick from any to 248.0.0.0/5 group 100 # Unallocated addresses

#
# Block and ignore outgoing traffic from Localhost (127.x.x.x)
#
block in quick from 127.0.0.0/8 to any group 100

#
# Block outgoing packets with reply addresses not in our address range
#
block in log quick from !<our address range> to any group 100

and **incoming**:

#
# Block bogus source addresses from entering our network
#
block in log quick on fxp1 from 192.168.0.0/16 to any # RFC1918 (private) addresses
block in log quick on fxp1 from 172.16.0.0/12 to any # "
block in log quick on fxp1 from 10.0.0.0/8 to any # "
block in log quick on fxp1 from 127.0.0.0/8 to any # Loopback addresses
block in log quick on fxp1 from 0.0.0.0/8 to any # Broadcast addresses
block in log quick on fxp1 from 255.255.255.255/32 to any # "
block in log quick on fxp1 from 169.254.0.0/16 to any # Link Local addresses
block in log quick on fxp1 from 192.0.2.0/24 to any # Test-Net addresses
block in log quick on fxp1 from 240.0.0.0/5 to any # Class E Multicast
block in log quick on fxp1 from 248.0.0.0/5 to any # Unallocated addresses

#
# Block incoming Smurf attacks
#
block in log quick on fxp1 from any to <our address range>.0/32
block in log quick on fxp1 from any to <our address range>.255/32

#
# Block incoming packets with source addresses from our address range
#
block in log quick on fxp1 from <our address range> to any

#
# Allow incoming Multicast traffic except for Administratively Scoped packets
#
block in log quick from any to 239.0.0.0/8 # Block Administratively Scoped packets
pass in quick from any to 224.0.0.0/4 # Let all other Class D Multicast through

#
# Block all source routed packets (along with any other kind of IP option packet)
# (This must take place after the Multicast hole because Multicast uses IP options)
#
# If this is too draconian then it can be changed to:
# block in log quick all with opt lsrr # (block only loose source routed packets)
# block in log quick all with opt ssrr # (block only strict source routed packets)
#
block in quick all with ipopt

#
# Block all short packets and fragmented packets
#
block in log quick all with short
block in log quick all with frag

#
# Block incoming packets with destination addresses not in our address range
#
block in log quick on fxp1 from any to !<our address range>

#
# ********** ICMP Filters **********
#
block in log quick on fxp1 proto icmp all head 200

#
# Allow some specific incoming ICMP packets
# (Keep state on outgoing ICMP packets will allow ICMP replies to get through)
#
pass in quick proto icmp all icmp-type 3 group 200 # Destination Unreachable
pass in quick proto icmp all icmp-type 4 group 200 # Source Quench
pass in log quick proto icmp all icmp-type 8 group 200 # Echo Request (with logging)
pass in quick proto icmp all icmp-type 11 group 200 # Time Exceeded for Datagram
pass in quick proto icmp all icmp-type 12 group 200 # Parameter Problem on a Datagram

#
# Do not count the firewall as a hop for Traceroute on UNIX systems
#
block in quick on fxp1 fastroute proto udp from any to any port 33434 >< 33465

#
# Block the Following Incoming High Ports
# (remove when all high ports are blocked)
#
block in log quick on fxp1 proto tcp/udp from any to any port > 1023 head 300

block in log quick proto tcp/udp from any to any port = 1433 group 300 # Windows SQL Server
block in log quick proto tcp from any to any port = 1524 group 300 # Bob backdoor
block in log quick proto tcp from any to any port = 1981 group 300 # Bob backdoor variant
block in log quick proto tcp/udp from any to any port = 2000 group 300 # Openwindows
block in log quick proto tcp/udp from any to any port = 2049 group 300 # NFS
block in log quick proto tcp/udp from any to any port = 4045 group 300 # Lockd
block in log quick proto udp from any to any port 5999 >< 6010 group 300 # Xwindows X:0 to X:9
block in log quick proto tcp from any to any port = 6112 group 300 # DTSPC backdoor
block in log quick proto tcp from any to any port = 7000 group 300 # unknown Windows backdoor
block in log quick proto tcp/udp from any to any port = 8888 group 300 # darkIRC backdoor
block in log quick proto tcp from any to any port = 12345 group 300 # NetBus
block in log quick proto tcp from any to any port = 12346 group 300 # NetBus variant
block in log quick proto tcp from any to any port = 18725 group 300 # SSH Trojan backdoor
block in log quick proto udp from any to any port = 27444 group 300 # Trinoo backdoor
block in log quick proto tcp from any to any port = 27665 group 300 # Trinoo backdoor
block in log quick proto udp from any to any port = 31335 group 300 # Trinoo backdoor
block in log quick proto udp from any to any port = 31337 group 300 # BackOrifice
block in log quick proto tcp from any to any port = 46682 group 300 # Root.bat and Root.reg backdoor
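The bogus-address and anti-spoofing logic of the ruleset above, together with the stale-list check Mikkel's reply calls for, as an added example that is not part of the original posts. It re-implements the address-only decisions (not the IP-option, fragment, ICMP or port rules) in Python's standard `ipaddress` module so the rule order can be tested offline; `OUR_NET` is a constructed stand-in for the post's `<our address range>` placeholder.

```python
import ipaddress

# Bogus ranges transcribed from the posted rules (240/5 + 248/5 collapsed to
# 240/4). 80.0.0.0/8 is deliberately absent: stale lists wrongly carried it.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",     # loopback, this-net, link local
    "192.0.2.0/24", "240.0.0.0/4")]                   # TEST-NET, class E
LOOPBACK = BOGON_NETS[3]
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")
ADMIN_MCAST = ipaddress.ip_network("239.0.0.0/8")
ALL_MCAST = ipaddress.ip_network("224.0.0.0/4")
OUR_NET = ipaddress.ip_network("198.51.100.0/24")  # constructed stand-in for <our address range>

def verdict(direction, src, dst):
    """('block'|'pass', reason) for one packet, checked in the posted rule order;
    direction is 'out' (the group 100 rules) or 'in' (the rules on fxp1)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        if d in ADMIN_MCAST:
            return "block", "admin-scoped multicast"
        if d in ALL_MCAST:
            return "pass", "multicast"
        if any(d in n for n in BOGON_NETS) or d == LIMITED_BCAST:
            return "block", "bogus destination"
        if s in LOOPBACK:
            return "block", "loopback source"
        if s not in OUR_NET:
            return "block", "source not in our range"
        return "pass", "ok"
    if any(s in n for n in BOGON_NETS) or s == LIMITED_BCAST:
        return "block", "bogus source"
    if d in (OUR_NET.network_address, OUR_NET.broadcast_address):
        return "block", "smurf amplifier address"
    if s in OUR_NET:
        return "block", "source claims our range"
    if d in ADMIN_MCAST:
        return "block", "admin-scoped multicast"
    if d in ALL_MCAST:
        return "pass", "multicast"
    if d not in OUR_NET:
        return "block", "destination not in our range"
    return "pass", "ok"

def stale_entries(reserved_list, allocated):
    """Entries of a candidate 'reserved' list that overlap known-allocated
    blocks (the 80.x problem Mikkel describes)."""
    alloc = [ipaddress.ip_network(a) for a in allocated]
    return [r for r in reserved_list
            if any(ipaddress.ip_network(r).overlaps(a) for a in alloc)]
```

Run `stale_entries` against the registry's current allocations before loading any third-party bogon list, since a block that was unallocated when the list was written may have been assigned since.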


James A. Robbins

unread,
Sep 9, 2002, 4:52:05 PM9/9/02
to

and **incoming**:

block in log quick on fxp1 from 224.0.0.0/4 to any # Class D


Xiaodan Tang

unread,
Sep 9, 2002, 5:03:55 PM9/9/02
to
I believe IANA is now the official keeper.

http://www.iana.org/assignments/ipv4-address-space

-xtang
----- Original Message -----
From: Mike Tancsa <mi...@sentex.net>
To: Dave <g0...@cyberedge.net>; <ipfi...@coombs.anu.edu.au>
Sent: Monday, September 09, 2002 4:09 PM
Subject: Re: Reserved IP Blocks


>
> I believe RFC1918 documents this.
>
> http://www.isi.edu/in-notes/rfc1918.txt
>
> ---Mike
