[sdnog] Network Security / RFC 3330
Hiba Eltigani
higba6 at gmail.com
Tue Feb 10 10:16:49 SAST 2015
Good point, we tend to take information from the Internet for granted ;).
On Feb 10, 2015 10:42 AM, "Nishal Goburdhan" <nishal at controlfreak.co.za>
wrote:
> Hiba Eltigani wrote:
>
>> You can also check the current assignment for IPv4 and IPv6 ranges from
>> the IANA website at the links below:
>>
>> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
>> http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
>> http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml
>>
>
>> On Feb 10, 2015 9:23 AM, "Daniel Shaw" <dshaw78 at gmail.com> wrote:
>>
>>> the following RFC #3330 describes IP addresses which shouldn't be
>>> allowed for inbound traffic on your edge devices eg. routers.
>>>
>>> http://www.rfc-base.org/txt/rfc-3330.txt
>>>
>>
>> And, if/when you actually do so, you may find this useful:
>> http://www.team-cymru.org/Services/Bogons/
>>
>> There are links there to download pre-formatted versions of (more or
>> less) the above IP ranges that can just be copied and pasted into ACLs
>> for the most common router brands.
>>
>> - Daniel
>>
>
>
> all great information. just one thing you probably want to consider when
> looking at an RFC; always go to the source. RFCs are a result of
> collaborative work from the IETF, so a good place to look is at the actual
> IETF website itself...
> in this case, http://tools.ietf.org. if you put in 3330 into the
> document search on the left, you'd have brought up the actual RFC3330.
> more usefully, you would also have seen that this was updated to 5735, and
> if you clicked on that you'd see the "updated updated" version is now
> 6890. which, is a handy way to track changes, history and development.
>
> there are two good things to remember here:
> * the internet is a living thing; best practices and standards are
> updated over time. so while most of us remember RFC1918, and now RFC3330,
> it's also important to see what new changes have happened along the way.
>
> * always try to look at the source first; not everything you read on the
> internet is true ;-) so when you refer people to
> documentation/announcements, it's best to point to the origin (and
> authoritative location) to avoid confusion.
>
> nonetheless; still an important point. if the networks in sudan could
> get around to filtering this "reserved" space in accordance with
> BCP38 (aka RFC2827; which, itself has been updated) then you'll be one step
> closer to making your networks more secure and more resilient to DDoS
> attacks. honestly.
>
> best,
> --n.
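
Added example, not part of the original thread or of any tool it links to: a check of inbound source addresses against the reserved space discussed above, using the blocks that RFC 6890 (the successor to RFC 3330 and RFC 5735) marks as not globally reachable. The prefix table is a hand-typed snapshot and the sample addresses are constructed; the multicast entry is an assumption of this example, not a row from the RFC's table.

```python
import ipaddress

# Snapshot, typed by hand for this example, of the IPv4 blocks that RFC 6890
# marks as not globally reachable. The IANA special-purpose registry is the
# authoritative and current list; refresh from it rather than from this table.
NOT_GLOBAL_V4 = {
    "0.0.0.0/8": "this host on this network",
    "10.0.0.0/8": "private use (RFC 1918)",
    "100.64.0.0/10": "shared address space",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link local",
    "172.16.0.0/12": "private use (RFC 1918)",
    "192.0.0.0/24": "IETF protocol assignments",
    "192.0.2.0/24": "documentation (TEST-NET-1)",
    "192.168.0.0/16": "private use (RFC 1918)",
    "198.18.0.0/15": "benchmarking",
    "198.51.100.0/24": "documentation (TEST-NET-2)",
    "203.0.113.0/24": "documentation (TEST-NET-3)",
    "240.0.0.0/4": "reserved (includes limited broadcast)",
}
# Assumption of this example: multicast is not in RFC 6890's table, but it is
# never a valid source address, so it is filtered as well.
NEVER_A_SOURCE = {"224.0.0.0/4": "multicast"}

BLOCKS = [(ipaddress.ip_network(prefix), why)
          for prefix, why in {**NOT_GLOBAL_V4, **NEVER_A_SOURCE}.items()]

def source_verdict(src):
    """Return ('drop', reason) or ('permit', None) for an inbound source."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return ("drop", "not a valid IPv4 address")
    for net, why in BLOCKS:
        if addr in net:
            return ("drop", f"{net} {why}")
    return ("permit", None)

# Constructed sample of source addresses seen inbound on an edge interface.
# 172.32.0.1 sits just outside 172.16.0.0/12 and must not be dropped.
SAMPLE = ["10.1.2.3", "100.64.9.9", "8.8.8.8", "192.0.2.55",
          "224.0.0.5", "172.32.0.1", "255.255.255.255", "999.1.1.1"]

if __name__ == "__main__":
    for src in SAMPLE:
        action, why = source_verdict(src)
        print(f"{src:16} {action:6} {why or ''}")
```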