Hi, On 19-Jan-01 Richard wrote:
Boris
On Friday 19 January 2001 10:57, you wrote: rvers...
You will find the revised list on www.isi.edu/iana/assignments/ipv4-address-space, or here:
INTERNET PROTOCOL ADDRESS SPACE
The allocation of Internet Protocol version 4 (IPv4) address space to various registries is listed here. Originally, all the IPv4 address spaces was managed directly by the IANA. Later parts of the address space were allocated to various other registries to manage for particular purposes or regional areas of the world. RFC 1466 documents most of these allocations.
Now all I have to do is try to understand what to do with it :))
IANA used to assign any netblock on the internet, from 000/8 to 255/8. After a while they decided to transfer the authority for certain address space ranges to other registrars like RIPE, APNIC, DENIC, ARIN and so forth. There are still a number of netblocks assigned to IANA, so if you build firewalls you may want to exclude these from normal traffic because there are no users or hosts in these reserved ranges who may contact you. Connection attempts from these address ranges are most certainly spoofed and should be treated seriously. If you use ipchains, all you have to do is to block these ranges. Like this: ipchains -A input -i eth0 -s 1.0.0.0/8 -j DENY -l This command line denies access for any host in the range 1.0.0.0/8 and logs connection attempts to your syslog. 1.0.0.0/8 (as you can see from my list posted earlier) still is reserved by IANA and should be blocked. Dito with other ranges which are marked "IANA - Reserved". You should check back to IANAs website from time to time for updates. Just don't block any ranges currently managed by other registrars than IANA because some of these netblocks may have been given to ISPs. If you block them, some users of these ISPs would not be able to contact you anymore. Hope this helps. Boris
Thanks
-- Richard
--- Boris Lorenz <bolo@lupa.de> System Security Admin *nix - *nux ---