
Re: "bad" IP addresses <newbie>



On Tue, Apr 15, 2003 at 04:07:41PM -0700, s c o t t wrote:
> Obviously there are some IP addresses that are not in every pf.conf and I 
> wonder what the significance of these is? Specifically those that are not 
> described in RFC 1918. Are there known exploits that are described 
> somewhere?
> 
> Are these better handled with antispoof for a particular interface? The man 
> page seems to make me believe this but again I am just flying by the seat 
> of my pants...
my favorite page for "bogon" addresses is:
  http://www.cymru.com/Documents/bogon-list.html
it is kept up-to-date (modifications are reported to the BIND mailing
lists).
since my upgrade to 3.3, I now use a table to hold these addresses like
this:
  [snip]
  table <bogons> const file "/etc/bogons.list"
  [snip]
  ##> Illegitimate Traffic
  # Bogon Networks
  block in log quick on $external_if \
    from <bogons> to any \
    label "illegitimate traffic from bogon addresses ($nr)"
to update the table, one can use a script that will download && parse
the bogon list for you.
cheers.
-- 
Saad Kadhi -- [saad@docisland.org] [saad.kadhi@hapsis.fr]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---
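The parse step of such an update script, as an added example that is not part of the original post: it validates every entry before the file pf reads is replaced, so a truncated or corrupted download cannot empty the table or block everything. The download itself is left out; the function names, the `MIN_PREFIX` threshold and the sample list are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

# Constructed sample input, not the real list: comments, a blank line, a duplicate.
SAMPLE = """\
# constructed sample bogon list
0.0.0.0/8
10.0.0.0/8

192.168.0.0/16   # RFC 1918
10.0.0.0/8
"""

MIN_PREFIX = 3  # assumption: anything broader than a /3 is treated as a corrupt list

def parse_bogons(text):
    """Return sorted, de-duplicated IPv4 networks; raise ValueError on any bad line."""
    nets = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)  # rejects host bits, junk
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"line {lineno}: {entry!r} is too broad to block")
        nets.add(net)
    if not nets:
        raise ValueError("no networks found; keeping the existing table file")
    return sorted(nets)

def write_table_file(nets, path):
    """Write one CIDR per line via a temp file + rename, so pf never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.writelines(f"{net}\n" for net in nets)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "bogons.list")  # stand-in for /etc/bogons.list
    write_table_file(parse_bogons(SAMPLE), out)
    print(open(out).read(), end="")
```

Because the table above is declared `const`, its contents cannot be changed with pfctl table commands; the new file takes effect when the ruleset is reloaded with `pfctl -f /etc/pf.conf`.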