Re: egress/ingress filtering

[Ryan Russell <ryan () securityfocus com>]

On Fri, 16 Feb 2001, Crist Clark wrote:

> It is now assigned to ARIN, who has subsequently given out most of that
> to coax cable operators, whereas a few months ago, 65/8 was an IANA
> reserved block. That is why one should not go about blocking all IANA
> reserved blocks without knowing _why_ that block is reserved. At some
> point in the future, that block may come into use and how long would it
> take you to realize that your border router is blocking legitimate traffic
> because it is from a formerly reserved block.

Right.  SecurityFocus.com just moved into 66.38.151.x.  I had a number of
phone calls with an Army guy who couldn't figure out why we were
"portscanning" him.  Turns out that he had his website set up to grab our
headline thingy once an hour or so.  He'd send SYN packets, we'd send
SYN-ACK, and he'd block them on the way in, because apparantly 66 was ARIN
reserved until recently.  He had a rather complete set of ingress filters.

                                                Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards