[78044] in North American Network Operators' Group
RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
daemon@ATHENA.MIT.EDU (Sean Donelan)
Thu Feb 17 03:20:40 2005
Date: Thu, 17 Feb 2005 03:17:57 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: Hank Nussbacher <hank@mail.iucc.ac.il>
Cc: Kunjal Trivedi <kutrived@cisco.com>, nanog@merit.edu
In-Reply-To: <5.1.0.14.2.20050217095519.00ad5ea8@mail.iucc.ac.il>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 17 Feb 2005, Hank Nussbacher wrote:
> >Martian addresses are relatively static, and might be good candidates for
> >one-click security. If you see a 127.0.0.0/8 packet floating around, it's
> >probably up to no good.
>
> As are RFC1918 addresses.

Cisco routers are frequently used in enterprise networks, which may use
RFC1918 internally. Again, not a good thing to auto-magically do for
naive network managers. RFC1918 addresses may or may not be legitimate
depending on your network, just like "no ip classless" and the NSA
security guide.

I would not classify RFC1918 as "Martian" addresses.

Of course, if all network equipment did source address validation by
default, you wouldn't need bogon filters.
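
The distinction drawn in this message, as an added example that is not part of the original post: a static filter that treats RFC1918 like Martian space drops legitimate enterprise traffic, while per-interface source address validation rejects Martian, misplaced RFC1918 and other spoofed sources without any bogon list. The interface names, the prefix-to-interface table and the shortened Martian list are constructed assumptions.

```python
import ipaddress

# Constructed, partial list (assumption): sources not valid on any network.
MARTIANS = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology (assumption): prefixes routed toward each edge interface.
ROUTES = {
    "lan0": [ipaddress.ip_network("10.20.0.0/16")],      # enterprise LAN on RFC1918
    "cust1": [ipaddress.ip_network("198.51.100.0/24")],  # customer edge
}

def classify(src):
    """Return 'martian', 'rfc1918' or 'other' for a source address."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in MARTIANS):
        return "martian"
    if any(addr in n for n in RFC1918):
        return "rfc1918"
    return "other"

def static_filter(src, block_rfc1918):
    """Static list filter: True if the packet passes."""
    kind = classify(src)
    if kind == "martian":
        return False
    return not (kind == "rfc1918" and block_rfc1918)

def sav_accepts(iface, src):
    """Source address validation: the source must belong to a prefix
    that is routed back out the interface the packet arrived on."""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in ROUTES.get(iface, []))

def compare(packets):
    """Rows of (iface, src, class, static filter verdict, SAV verdict)."""
    return [(i, s, classify(s), static_filter(s, True), sav_accepts(i, s))
            for i, s in packets]

if __name__ == "__main__":
    sample = [("lan0", "10.20.3.4"), ("cust1", "10.20.3.4"),
              ("cust1", "127.0.0.1"), ("cust1", "203.0.113.9"),
              ("cust1", "198.51.100.7")]  # constructed packets
    for row in compare(sample):
        print(row)
```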