Honeypots mailing list archives

Re: Excluding address ranges in arpd/honeyd


From: Valdis.Kletnieks () vt edu
Date: Sun, 13 Jun 2004 21:49:07 -0400

On Fri, 11 Jun 2004 14:07:26 CDT, Williams Jon <WilliamsJonathan () JohnDeere com>  said:

> So, now my IDS starts seeing something odd.  It is getting packets
> sourced from 224.0.0.2, an IANA-reserved multicast address that is NEVER
> supposed to be the source of any packet, destined to the default router
> in my local subnet.  Checking further, it appears that honeyd happily
> responded, just as configured, to the HSRP packets being sent to
> 224.0.0.2 with an ICMP port unreach, sourced by the multicast address!
>
> Now, the router guys tell me that this is a Bad Thing(TM).

Which is why good router guys bogon-filter this sort of stuff.. ;)

http://www.cymru.com/Bogons/index.html  says that a *source*
address anywhere in 224.0.0.0/3 (yes, 3, not 8) is a bogon.

Just do the world a favor, and if you bogon-filter, make sure they're
kept up to date.  The people in the 69/8 range felt a lot of pain, and
things didn't get much better for early adopters of 70/8....
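
An added example, not part of the original post: a source-address check that always drops anything in 224.0.0.0/3 but treats allocation-dependent prefixes as droppable only while the bogon list is fresh. The `BogonList` class, the 30-day refresh window, the "review" verdict and all sample packets and dates are assumptions constructed for illustration.

```python
import ipaddress
from datetime import date, timedelta

# 224.0.0.0/3 covers 224.0.0.0-255.255.255.255: multicast (224/4) plus
# 240/4 and limited broadcast. None of it is valid as a source address.
NEVER_VALID_SOURCE = ipaddress.ip_network("224.0.0.0/3")


class BogonList:
    """Allocation-dependent bogon prefixes plus the date they were fetched."""

    def __init__(self, prefixes, fetched, max_age_days=30):
        self.networks = [ipaddress.ip_network(p) for p in prefixes]
        self.fetched = fetched
        self.max_age = timedelta(days=max_age_days)  # assumed refresh policy

    def is_stale(self, today):
        return today - self.fetched > self.max_age

    def classify_source(self, src, today):
        addr = ipaddress.ip_address(src)
        if addr in NEVER_VALID_SOURCE:
            return "drop: source in 224.0.0.0/3"
        match = next((n for n in self.networks if addr in n), None)
        if match is None:
            return "pass"
        if self.is_stale(today):
            # An old list may still name space that has since been allocated.
            return f"review: {match} matched, but the list is stale"
        return f"drop: unallocated {match}"


# Constructed data: a list snapshot that names 69/8 and 70/8, and sample packets.
TODAY = date(2004, 6, 13)
OLD_LIST = BogonList(["69.0.0.0/8", "70.0.0.0/8"], fetched=date(2002, 1, 1))
PACKETS = [
    ("224.0.0.2", "10.1.1.1", "ICMP port unreachable"),  # honeyd's reply
    ("69.10.20.30", "10.1.1.80", "TCP SYN"),
    ("10.1.1.5", "224.0.0.2", "HSRP hello"),  # multicast as destination is fine
]


def audit(packets, bogons, today):
    return [(src, bogons.classify_source(src, today)) for src, _dst, _what in packets]


if __name__ == "__main__":
    for src, verdict in audit(PACKETS, OLD_LIST, TODAY):
        print(f"{src:15} {verdict}")
```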
