Cisco Support Community
New Member

IPv4 address space.

Hi. I was reading this article posted on searchnetworking.com (http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci851604,00.html).

In it he suggested that you block addresses called "bogons" on your external interface and suggested this document: http://www.iana.org/assignments/ipv4-address-space. I used Notepad to extract all block ranges that were IANA reserved and got this list:

0, 1, 2, 5, 7, 23, 27, 31, 36, 37, 39, 41, 42, 58, 59, 70-79, 83-127, 173-187, 189-190, 197, 223, 224-239=multicast, 240-255

Is that document telling me that since they are reserved they are not in use on the Internet, and therefore I should never see IPs originating from these networks and should block them from coming into my network?

3 REPLIES
New Member

Re: IPv4 address space.

Your list looks fairly accurate in terms of IANA reserved networks. You can block these, but run the small risk of some of these networks being released on the Internet. You would have to adjust your list accordingly, but as of right now, if you are not using things like multicast, then you are safe in blocking them. Also, don't forget the biggest "bogons" of them all. I am referring to the RFC1918 ranges of 10.x.x.x/8, 172.16.x.x/12 and 192.168.x.x/16. A large majority of spoofed IP packets originate from these ranges.

HTH

-Joe

New Member

Re: IPv4 address space.

Thanks, Joe, for your insight. Have a good one!

-Mike

Bronze

Re: IPv4 address space.

Keep in mind that by filtering unused address space, you're implicitly accepting the responsibility of keeping these filters up to date. See http://puck.nether.net/~jared/papers/69-paper.html for an example of what happens when filters aren't updated upon new IANA IP allocations.
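Added example, not part of the original thread: a Python sketch that turns the first-octet list from the question, plus the RFC1918 ranges from the first reply, into aggregated prefixes and inbound deny lines for an external interface. The ACL number 110 and the function names are assumptions; the octet list is the poster's dated snapshot, so per the last reply it has to be regenerated from the IANA registry before use.

```python
import ipaddress

# First-octet ranges exactly as posted in the question (a dated snapshot of
# IANA-reserved /8 blocks, NOT a current bogon list).
POSTED_OCTETS = ("0 1 2 5 7 23 27 31 36 37 39 41 42 58 59 70-79 83-127 "
                 "173-187 189-190 197 223 224-239 240-255")
# RFC1918 ranges named in the first reply.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def build_prefixes(octet_spec=POSTED_OCTETS, extra=RFC1918):
    """Expand first-octet ranges to /8s, add extras, aggregate to minimal CIDRs."""
    nets = [ipaddress.ip_network(p) for p in extra]
    for token in octet_spec.split():
        lo, _, hi = token.partition("-")
        for octet in range(int(lo), int(hi or lo) + 1):
            nets.append(ipaddress.ip_network(f"{octet}.0.0.0/8"))
    # collapse_addresses merges adjacent blocks (e.g. 224-255 becomes one /3)
    # and returns them sorted by network address.
    return list(ipaddress.collapse_addresses(nets))


def is_filtered(src, prefixes):
    """True if a source address falls inside any prefix on the deny list."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)


def ios_acl(prefixes, acl_number=110):
    """Render the prefixes as IOS extended ACL lines (source + wildcard mask)."""
    lines = [f"access-list {acl_number} deny ip {n.network_address} {n.hostmask} any"
             for n in prefixes]
    # Everything not on the deny list is passed on to later policy.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    prefixes = build_prefixes()
    print(f"{len(prefixes)} aggregated prefixes")
    print("\n".join(ios_acl(prefixes)))
```

Regenerating the ACL from an updated octet list, rather than editing deny lines by hand, is what keeps the filter from blocking space that has since been allocated.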
