From: Boris Lorenz (bololupa.de)
Date: Fri Jan 19 2001 - 05:36:49 CST


    Hi,

    On 19-Jan-01 Richard wrote:
    > Boris
    >
    > On Friday 19 January 2001 10:57, you wrote:
    > rvers...
    >>
    >> You will find the revised list on
    >> www.isi.edu/iana/assignments/ipv4-address-space, or here:
    >>
    >> INTERNET PROTOCOL ADDRESS SPACE
    >>
    >> The allocation of Internet Protocol version 4 (IPv4) address space
    >> to various registries is listed here. Originally, all the IPv4
    >> address space was managed directly by the IANA. Later parts of
    >> the address space were allocated to various other registries to
    >> manage for particular purposes or regional areas of the world. RFC
    >> 1466 documents most of these allocations.
    >
    >
    > Now all I have to do is try to understand what to do with it :))

    IANA used to assign any netblock on the internet, from 000/8 to 255/8. After a
    while they decided to transfer the authority for certain address space ranges
    to other registrars like RIPE, APNIC, DENIC, ARIN and so forth.

    There are still a number of netblocks assigned to IANA, so if you build
    firewalls you may want to exclude these from normal traffic because there are no
    users or hosts in these reserved ranges who may contact you. Connection
    attempts from these address ranges are most certainly spoofed and should be
    treated seriously.

    If you use ipchains, all you have to do is to block these ranges. Like this:

    ipchains -A input -i eth0 -s 1.0.0.0/8 -j DENY -l

    This command line denies access for any host in the range 1.0.0.0/8 and logs
    connection attempts to your syslog. 1.0.0.0/8 (as you can see from my list
    posted earlier) still is reserved by IANA and should be blocked. Ditto with
    other ranges which are marked "IANA - Reserved".

    You should check back to IANA's website from time to time for updates.

    Just don't block any ranges currently managed by registrars other than IANA
    because some of these netblocks may have been given to ISPs. If you block them,
    some users of these ISPs would not be able to contact you anymore.

    Hope this helps.

    Boris
     
    > Thanks
    >
    > --
    > Richard

    ---
    Boris Lorenz <bololupa.de>
    System Security Admin *nix - *nux
    ---
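
The filtering rule described in the message above, as an added example that is not part of the original post: a shell function that reads a list in the IANA `NNN/8  date  purpose` layout and prints one ipchains DENY rule for each block marked exactly "IANA - Reserved", leaving registry-managed blocks alone. The sample list, the function names and the assumed column layout are constructed for illustration; the script only prints the rules so they can be reviewed against the current IANA list before being loaded.

```shell
#!/bin/sh
# Constructed sample in the assumed "NNN/8  Mon YY  purpose" layout.
# Illustrative entries only, NOT the current registry contents.
sample_list() {
cat <<'EOF'
INTERNET PROTOCOL ADDRESS SPACE
000/8   Sep 81   IANA - Reserved
001/8   Sep 81   IANA - Reserved
010/8   Jun 95   IANA - Private Use
062/8   Apr 97   RIPE NCC
127/8   Sep 81   IANA - Reserved
210/8   Jun 96   APNIC
EOF
}

# gen_reserved_rules [iface]  (hypothetical helper name)
# Reads the list on stdin, writes ipchains commands on stdout.
gen_reserved_rules() {
    iface=${1:-eth0}
    awk -v iface="$iface" '
        # Skip headings and anything that is not a /8 entry.
        $1 ~ "^[0-9]+/8$" {
            split($1, part, "/")
            # Force decimal: "010" must become 10. Passing a leading
            # zero through could be read as octal by address parsers.
            octet = part[1] + 0
            if (octet > 255) next

            # Fields 2-3 are the date; the rest is the purpose text.
            purpose = ""
            for (i = 4; i <= NF; i++)
                purpose = purpose (i > 4 ? " " : "") $i

            # Exact match only: blocks handed to RIPE, APNIC, ARIN etc.
            # may carry real users and must not be denied.
            if (purpose == "IANA - Reserved")
                printf "ipchains -A input -i %s -s %d.0.0.0/8 -j DENY -l\n", iface, octet
        }'
}

# Print the rules for review; nothing is applied to the firewall here.
sample_list | gen_reserved_rules eth0
```

Regenerate the rules whenever the IANA list changes, since a block that leaves "IANA - Reserved" status becomes legitimate traffic and a stale DENY rule would cut those users off.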
    
