[sdnog] Network Security / RFC 3330

Hiba Eltigani higba6 at gmail.com
Tue Feb 10 10:16:49 SAST 2015


Good point, we tend to take information from the Internet for granted ;).
On Feb 10, 2015 10:42 AM, "Nishal Goburdhan" <nishal at controlfreak.co.za>
wrote:

> Hiba Eltigani wrote:
>
>> You can also check the current assignment for IPv4 and IPv6 ranges from
>> the IANA website at the links below:
>>
>> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
>> http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
>> http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml
>>
>
>> On Feb 10, 2015 9:23 AM, "Daniel Shaw" <dshaw78 at gmail.com> wrote:
>>
>>>     the following RFC #3330 describes IP addresses which shouldn't be
>>>     allowed for inbound traffic on your edge devices, e.g. routers.
>>>
>>>     http://www.rfc-base.org/txt/rfc-3330.txt
>>>
>>
>>     And, if/when you actually do so, you may find this useful:
>>     http://www.team-cymru.org/Services/Bogons/
>>
>>     There are links there to download pre-formatted versions of (more or
>>     less) the above IP ranges that can just be copied and pasted into ACLs
>>     for the most common router brands.
>>
>>     - Daniel
>>
>
>
> all great information.   just one thing you probably want to consider when
> looking at an RFC;  always go to the source.  RFCs are a result of
> collaborative work from the IETF, so a good place to look is at the actual
> IETF website itself...
> in this case, http://tools.ietf.org.   if you put 3330 into the
> document search on the left, you'd have brought up the actual RFC3330.
> more usefully, you would also have seen that this was updated to 5735, and
> if you clicked on that you'd see the "updated updated" version is now
> 6890.  which, is a handy way to track changes, history and development.
>
> there are two good things to remember here:
> * the internet is a living thing;  best practices and standards are
> updated over time.  so while most of us remember RFC1918, and now RFC3330,
> it's also important to see what new changes have happened along the way.
>
> * always try to look at the source first;  not everything you read on the
> internet is true  ;-)    so when you refer people to
> documentation/announcements, it's best to point to the origin (and
> authoritative location) to avoid confusion.
>
> nonetheless;  still an important point.  if the networks in sudan could
> get around to filtering this "reserved" space in accordance with
> BCP38 (aka RFC2827; which, itself has been updated) then you'll be one step
> closer to making your networks more secure and more resilient to DDoS
> attacks.  honestly.
>
> best,
> --n.
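Added example, not part of the original thread: a small Python audit of the filtering discussed above, checking the source address of inbound flows against the IPv4 blocks that RFC 6890 lists as not globally reachable. The function names and the sample flows are constructed for illustration, and the block list should be compared against the current IANA registry before use.

```python
import ipaddress

# IPv4 blocks that RFC 6890 lists as not globally reachable. The registry is
# updated over time, so compare against the current IANA list before use.
SPECIAL_V4 = {
    "0.0.0.0/8": "this host on this network",
    "10.0.0.0/8": "private use",
    "100.64.0.0/10": "shared address space",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link local",
    "172.16.0.0/12": "private use",
    "192.0.0.0/24": "IETF protocol assignments",
    "192.0.0.0/29": "DS-Lite",
    "192.0.2.0/24": "documentation (TEST-NET-1)",
    "192.168.0.0/16": "private use",
    "198.18.0.0/15": "benchmarking",
    "198.51.100.0/24": "documentation (TEST-NET-2)",
    "203.0.113.0/24": "documentation (TEST-NET-3)",
    "240.0.0.0/4": "reserved",
    "255.255.255.255/32": "limited broadcast",
}
# Longest prefix first, so the most specific block is the one reported.
BLOCKS = sorted(((ipaddress.ip_network(p), why) for p, why in SPECIAL_V4.items()),
                key=lambda b: b[0].prefixlen, reverse=True)

def classify_source(addr):
    """Return (prefix, reason) when addr falls in a listed block, else None."""
    ip = ipaddress.ip_address(addr)
    for net, why in BLOCKS:
        if ip.version == net.version and ip in net:
            return str(net), why
    return None

def audit_inbound(flows):
    """Split (src, dst) flows seen on the external interface into drop/pass."""
    drop, passed = [], []
    for src, dst in flows:
        hit = classify_source(src)
        if hit:
            drop.append((src, dst, hit[0], hit[1]))
        else:
            passed.append((src, dst))
    return drop, passed

# Constructed sample flows; DST stands in for an address inside your network.
DST = "203.0.113.10"
SAMPLE_FLOWS = [(s, DST) for s in ("10.1.2.3", "8.8.8.8", "192.0.0.5",
                                   "192.0.0.200", "255.255.255.255", "172.32.0.1")]
```

Calling audit_inbound(SAMPLE_FLOWS) returns the flows an ingress filter on the edge should have dropped, each with the matching prefix and reason, and the flows that pass.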

