Re: egress/ingress filtering

["Crist Clark" <crist.clark () globalstar com>]

Bill_Royds () pch gc ca wrote:
> The following entries on the 65/8 IP block show that is belongs to the @home
> cable modem empire so it seems the 24/8 block is almost used up. Blocking it
> becuase it was "reserved" would soon mean that you would block cable modem users
> (which might be alright with your security policy though :-)).

Right, that was my point. I wrote,

> > I noticed that some of the "reserved" blocks
> > she mentioned, IIRC 65/8 is an example, were no longer reserved.
> > In the time since she had completed her slides, that block had
> > been assigned.

It is now assigned to ARIN, who has subsequently given out most of that
to coax cable operators, whereas a few months ago, 65/8 was an IANA 
reserved block. That is why one should not go about blocking all IANA 
reserved blocks without knowing _why_ that block is reserved. At some 
point in the future, that block may come into use and how long would it 
take you to realize that your border router is blocking legitimate traffic 
because it is from a formerly reserved block.
-- 
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards