nanog mailing list archives
Re: routing invalid IP addresses
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Sat, 21 Feb 2004 14:21:35 -0500 (EST)
248.x.x.x is in 'Class E' space which is invalid on the Internet... x.x.255.x are perfectly valid addresses, indeed we have 193.0.255.0/24.. subnet-zero isnt relevant either, this would be for eg a class B using a 255.255.255.0 subnet mask, since we dont bother with classful addressing and we're not talking about the local addressing policy this isnt of relevance. you have some confusion with 'ip route' and acls, these do not fulfill the same purpose.. ip route wont help yuo as that is used to control the route to the destination and that would be your legitimate host. an acl could help tho, you can safely deny 'access-l 100 den ip 240.0.0.0 15.255.255.255 any' to block anything with a similar source address. just in case you get too excited with your acls, dont go arbitrarily blocking other addresses (multicast, bogons, rfc1918 [10.x.x.x, 192.168.x.x] else u may break some stuff!) and just to clarify your problem of how these invalid addresses were 'routed' .. as above packets are routeed based on destination only, you can spoof and put junk in the source and it will still traverse the internet quite legitimately. Steve On Sat, 21 Feb 2004, Geo. wrote:
traceroute to 248.245.255.191, that's what made me think it was invalid. I did get the answer, I was being stupid and trying to use IP route instead of an acl. Thanks to everyone who replied, even the "nooooooooo" guy. Geo. (I'm not the cisco guy, I was just the only one working last night) ----- Original Message ----- From: "Bill Woodcock" <woody () pch net> To: "Geo." <georger () getinfo net> Cc: <nanog () merit edu> Sent: Saturday, February 21, 2004 8:03 AM Subject: Re: routing invalid IP addresses> x.x.255.x isn't a valid IP address > Clue me in? Clue: it's a valid address. -Bill
Current thread:
- Re: Verizon clients DOS own site?, (continued)
- Re: Verizon clients DOS own site? Rubens Kuhl Jr. (Feb 19)
- RE: Verizon clients DOS own site? Wayne Gustavus (nanog) (Feb 20)
- Re: Verizon clients DOS own site? William Warren (Feb 20)
- routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Bill Woodcock (Feb 21)
- Re: routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Christopher X. Candreva (Feb 21)
- RE: routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Brian Knoblauch (Feb 21)
- Re: routing invalid IP addresses Geo. (Feb 21)
- Re: Verizon clients DOS own site? William Warren (Feb 20)
- Re: routing invalid IP addresses Stephen J. Wilcox (Feb 21)
- Re: routing invalid IP addresses bill (Feb 21)
- Re: routing invalid IP addresses Richard A Steenbergen (Feb 21)
- Re: routing invalid IP addresses Laurence F. Sheldon, Jr. (Feb 21)
- Re: routing invalid IP addresses Mikael Abrahamsson (Feb 21)
- Re: routing invalid IP addresses Laurence F. Sheldon, Jr. (Feb 21)