From owner-freebsd-security Sun Oct 3 13: 5:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from saturn.psn.net (saturn.psn.net [207.211.58.15]) by hub.freebsd.org (Postfix) with ESMTP id 50F5114BB8 for ; Sun, 3 Oct 1999 13:05:23 -0700 (PDT) (envelope-from will@blackdawn.com) Received: from shadow.blackdawn.com (5042-243.008.popsite.net [209.224.140.243]) by saturn.psn.net (8.9.3/8.9.3) with ESMTP id NAA23300; Sun, 3 Oct 1999 13:14:55 -0700 (MST) Received: (from will@localhost) by shadow.blackdawn.com (8.9.3/8.9.3) id QAA03020; Sun, 3 Oct 1999 16:05:02 -0400 (EDT) (envelope-from will) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <10882.991003@cityline.ru> Date: Sun, 03 Oct 1999 16:05:02 -0400 (EDT) Reply-To: Will Andrews From: Will Andrews To: Dmitriy Bokiy Subject: RE: anti-spoofing Cc: FreeBSD Security ML Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 03-Oct-99 Dmitriy Bokiy wrote: > I know it was discussed earlier but I failed to find it in archives. > Besides IANA site is not very clear about it. > > Where can I find _the complete_ list of addresses to be blocked? > Should I follow > http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space > and block all "IANA - Reserved" and "IANA - Multicast" and what else? At a minimum, the RFC1918 (unregistered source addresses RFC) IP addresses should be blocked from passing through your outside interface: 192.168.0.1:255.255.0.0 (192.168.0.1 -> 192.168.255.255) 172.16.0.1:255.16.0.0 (172.16.0.1 -> 172.31.255.255) 10.0.0.1:255.0.0.0 (10.0.0.1 -> 10.255.255.255) See the RFC for more information. You could also consider consulting the mailing list archives for freebsd-security@FreeBSD.ORG. -- Will Andrews GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w--- ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ G++>+++ e->++++ h! r-->+++ y? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message