Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Dec 2000 13:02:17 -0500 
From:      Bird Mr Gregory L <BirdGL@NOC.USMC.MIL>
To:        "'freebsd-isp@FreeBSD.ORG'" <freebsd-isp@FreeBSD.ORG>
Subject:   RE: Danger Ports
Message-ID:  <1988A7BBBD55D3119B4A00902771C45404A01365@host014.noc.usmc.mil>
next in thread | raw e-mail | index | archive | help 
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C05BC0.D75C1B00
Content-Type: text/plain;
	charset="iso-8859-1"

Yes there is overlap...I am not quite sure where you learned how to
subnet...but the rest of the world does it:


access-list lines:
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log


172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 -
172.31.255.255

so there is overlap. You might want to refresh yourself a little on your
subnetting...or fully caffeinate yourself.


Greg Bird
Senior Network Security Engineer



-----Original Message-----
From: William Sommers [mailto:sommers@sfo.com]
Sent: Friday, December 01, 2000 11:06 AM
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports


At 12:28 AM 12/1/00 -0600, Butch Evans wrote:

 >> > > access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
 >> > > access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log
 >>
 >> > access-list 110 deny   ip any 172.16.0.0 0.15.255.255 log
 >> > access-list 110 deny   ip any 172.31.0.0 0.0.255.255 log
 >>
 >> Is it me? Isn't the second network in each a subset of the first?
 >>
 > Now that I re-read your question, I see what you are saying...You are
 > correct.

Um, unless I'm not yet fully caffeinated:

172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255
172.31.0.0 0.0.255.255  matches 176.31.0.0 - 176.31.255.255

No overlap at all.


  -wfs



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

------_=_NextPart_001_01C05BC0.D75C1B00
Content-Type: text/html;
	charset="iso-8859-1"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.99">
<TITLE>RE: Danger Ports</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=2>Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it:</FONT>
</P>
<BR>

<P><FONT SIZE=2>access-list lines:</FONT>
<BR><FONT SIZE=2>access-list 110 deny&nbsp;&nbsp; ip 172.16.0.0 0.15.255.255 any log</FONT>
<BR><FONT SIZE=2>access-list 110 deny&nbsp;&nbsp; ip 172.31.0.0 0.0.255.255 any log</FONT>
</P>
<BR>

<P><FONT SIZE=2>172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255</FONT>
</P>

<P><FONT SIZE=2>so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself.</FONT>
</P>
<BR>

<P><FONT SIZE=2>Greg Bird</FONT>
<BR><FONT SIZE=2>Senior Network Security Engineer</FONT>
</P>
<BR>
<BR>

<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: William Sommers [<A HREF="mailto:sommers@sfo.com">mailto:sommers@sfo.com</A>]</FONT>
<BR><FONT SIZE=2>Sent: Friday, December 01, 2000 11:06 AM</FONT>
<BR><FONT SIZE=2>To: freebsd-isp@FreeBSD.ORG</FONT>
<BR><FONT SIZE=2>Subject: Re: Danger Ports</FONT>
</P>
<BR>

<P><FONT SIZE=2>At 12:28 AM 12/1/00 -0600, Butch Evans wrote:</FONT>
</P>

<P><FONT SIZE=2>&nbsp;&gt;&gt; &gt; &gt; access-list 110 deny&nbsp;&nbsp; ip 172.16.0.0 0.15.255.255 any log</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt; &gt; &gt; access-list 110 deny&nbsp;&nbsp; ip 172.31.0.0 0.0.255.255 any log</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt;</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt; &gt; access-list 110 deny&nbsp;&nbsp; ip any 172.16.0.0 0.15.255.255 log</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt; &gt; access-list 110 deny&nbsp;&nbsp; ip any 172.31.0.0 0.0.255.255 log</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt;</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt; Is it me? Isn't the second network in each a subset of the first?</FONT>
<BR><FONT SIZE=2>&nbsp;&gt;&gt;</FONT>
<BR><FONT SIZE=2>&nbsp;&gt; Now that I re-read your question, I see what you are saying...You are</FONT>
<BR><FONT SIZE=2>&nbsp;&gt; correct.</FONT>
</P>

<P><FONT SIZE=2>Um, unless I'm not yet fully caffeinated:</FONT>
</P>

<P><FONT SIZE=2>172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255</FONT>
<BR><FONT SIZE=2>172.31.0.0 0.0.255.255&nbsp; matches 176.31.0.0 - 176.31.255.255</FONT>
</P>

<P><FONT SIZE=2>No overlap at all.</FONT>
</P>
<BR>

<P><FONT SIZE=2>&nbsp; -wfs</FONT>
</P>
<BR>
<BR>

<P><FONT SIZE=2>To Unsubscribe: send mail to majordomo@FreeBSD.org</FONT>
<BR><FONT SIZE=2>with &quot;unsubscribe freebsd-isp&quot; in the body of the message</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C05BC0.D75C1B00--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1988A7BBBD55D3119B4A00902771C45404A01365>