Date: Tue, 25 Jan 2000 01:26:26 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: madscientist@thegrid.net (The Mad Scientist)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: more complete ipfw rules
Message-ID: <200001250926.BAA70323@gndrsh.dnsmgr.net>
In-Reply-To: <4.1.20000124201245.00962220@mail.thegrid.net> from The Mad Scientist at "Jan 24, 2000 08:51:27 pm"

...
> I have this commented-out line in my ruleset.
> #$fwcmd add 550 deny log ip from 169.254.0.0/16 to any in via ${out_if}
> Don't quite remember what it's for. I hope it's not another wasted class
> B. Can anyone enlighten me?

It is another wasted class B, it is not in any global bgp4 view I can
find, and disallowed as either src or dst on many a border router. I
seem to recall some of either the Microsoft or Novell software uses them
on a local network to run strange protocols over IP that don't need to be
global routed, but can't find any reference notes to them here.

> watchtower:/root# whois -a 169.254.0.0
> Internet Assigned Numbers Authority (IANA)
> (NETBLK-LINKLOCAL)
> For use with Link Local Networks
> Information Sciences Institute
> University of Southern California
> 4676 Admiralty Way, Suite 330
> Marina del Rey, CA 90292-6695
>
> Netname: LINKLOCAL
> Netblock: 169.254.0.0 - 169.254.255.255
...

You chopped off the important detail:

Domain System inverse mapping provided by:
BLACKHOLE.ISI.EDU 128.9.64.26

Generally IP that you find with this as the name server should have just
that done to them at boundaries between AS's, both as a source and
destination address!

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net
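
An added example, not part of the original message or of any FreeBSD script: a small first-match evaluator over constructed ipfw rulesets, showing that the quoted rule 550 only drops link-local source addresses arriving on the outside interface, while a destination-side rule is also needed to drop 169.254.0.0/16 as a destination. The interface name `ed0`, rules 551 and 65000, and the test addresses are assumptions.

```python
import ipaddress
import re

# Constructed rulesets. Rule 550 is the rule quoted in the thread, uncommented,
# with ${out_if} expanded to a made-up interface name (ed0). Rule 551 is an
# assumed destination-side counterpart; rule 65000 is an assumed catch-all.
SRC_ONLY = """\
add 550 deny log ip from 169.254.0.0/16 to any in via ed0
add 65000 allow ip from any to any
"""
SRC_AND_DST = """\
add 550 deny log ip from 169.254.0.0/16 to any in via ed0
add 551 deny log ip from any to 169.254.0.0/16 via ed0
add 65000 allow ip from any to any
"""

# Only the small subset of ipfw syntax used above is parsed.
RULE_RE = re.compile(
    r"add\s+(?P<num>\d+)\s+(?P<action>allow|accept|pass|permit|deny|drop)\s+"
    r"(?:log\s+)?(?:ip|all)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<iface>\S+))?\s*$")

def _covers(spec, addr):
    """True if an ipfw address spec ('any' or a CIDR block) contains addr."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def verdict(ruleset, src, dst, direction, iface):
    """Evaluate one packet first-match, lowest rule number first, as ipfw does.

    Returns (action, rule_number); action is normalised to 'allow' or 'deny'.
    """
    rules = [m.groupdict() for m in map(RULE_RE.match, ruleset.splitlines()) if m]
    for r in sorted(rules, key=lambda r: int(r["num"])):
        if r["dir"] not in (None, direction) or r["iface"] not in (None, iface):
            continue
        if _covers(r["src"], src) and _covers(r["dst"], dst):
            action = "deny" if r["action"] in ("deny", "drop") else "allow"
            return action, int(r["num"])
    return "deny", 65535  # ipfw's built-in default rule when nothing else matches

if __name__ == "__main__":
    # Constructed packets; 192.0.2.10 is a documentation address.
    for name, rs in (("src only", SRC_ONLY), ("src and dst", SRC_AND_DST)):
        print(name, verdict(rs, "169.254.10.1", "192.0.2.10", "in", "ed0"),
              verdict(rs, "192.0.2.10", "169.254.10.1", "out", "ed0"))
```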