From: Bird Mr Gregory L
To: "'freebsd-isp@FreeBSD.ORG'"
Subject: RE: Danger Ports
Date: Fri, 1 Dec 2000 13:02:17 -0500
Message-ID: <1988A7BBBD55D3119B4A00902771C45404A01365@host014.noc.usmc.mil>

Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it:


access-list lines:
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log


172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255

so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself.


Greg Bird
Senior Network Security Engineer



-----Original Message-----
From: William Sommers [mailto:sommers@sfo.com]
Sent: Friday, December 01, 2000 11:06 AM
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports


At 12:28 AM 12/1/00 -0600, Butch Evans wrote:

 >> > > access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
 >> > > access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log
 >>
 >> > access-list 110 deny   ip any 172.16.0.0 0.15.255.255 log
 >> > access-list 110 deny   ip any 172.31.0.0 0.0.255.255 log
 >>
 >> Is it me? Isn't the second network in each a subset of the first?
 >>
 > Now that I re-read your question, I see what you are saying...You are
 > correct.

Um, unless I'm not yet fully caffeinated:

172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255
172.31.0.0 0.0.255.255  matches 176.31.0.0 - 176.31.255.255

No overlap at all.


  -wfs



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
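
The overlap question argued in this thread can be checked mechanically. The following is an added example, not part of any poster's message: it computes the address range a Cisco `address wildcard` pair matches and tests whether one access-list entry is already covered by an earlier one. The function names are made up for this illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def to_str(value):
    """32-bit integer back to a dotted-quad string."""
    return str(ipaddress.IPv4Address(value))

def matched_range(addr, wildcard):
    """Lowest and highest address matched by 'addr wildcard'.

    A 1 bit in a Cisco wildcard mask means "don't care". For a contiguous
    wildcard (all 1 bits at the low end) every address in between matches too.
    """
    a, w = to_int(addr), to_int(wildcard)
    return to_str(a & ~w & 0xFFFFFFFF), to_str(a | w)

def is_contiguous(wildcard):
    """True if the wildcard has the form 0...01...1 and so describes one range."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def shadows(first, second):
    """True if every address matched by `second` is already matched by `first`.

    Also valid for non-contiguous wildcards: `first` must ignore at least the
    bits `second` ignores, and both must agree on the bits `first` checks.
    """
    a1, w1 = map(to_int, first)
    a2, w2 = map(to_int, second)
    care1 = ~w1 & 0xFFFFFFFF
    return (w2 & care1) == 0 and ((a1 ^ a2) & care1) == 0

# The two source entries from access-list 110 quoted in the thread.
ENTRY_1 = ("172.16.0.0", "0.15.255.255")
ENTRY_2 = ("172.31.0.0", "0.0.255.255")

if __name__ == "__main__":
    for entry in (ENTRY_1, ENTRY_2):
        lo, hi = matched_range(*entry)
        print(f"{entry[0]} {entry[1]} matches {lo} - {hi}")
    print("second entry shadowed by first:", shadows(ENTRY_1, ENTRY_2))
```

Because an access list stops at the first matching line, an entry that is shadowed by an earlier one never matches and its `log` counter stays at zero.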
