Juniper security appnote + martians
Stephen Gill
gillsr at yahoo.com
Wed Jul 24 15:29:46 UTC 2002
Gents,
I thought I would pose the martians question here as well...
I'm trying to find out additional information on the reasoning behind
adding these martians to the Juniper's security appnote found on their
website:
Prefix Description
19.255.0.0/16 Ford Motor Company
129.156.0.0/16 Sun Microsystems
192.5.0.0/24 no match
192.9.200.0/24 no match
192.9.99.0/24 Sun Microsystems
I don't see a single reference to these in Cisco's IOS Essentials
www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
, Bill Manning's draft,
www.ietf.org/internet-drafts/draft-manning-dsua-08.txt
or Rob T's Bogon List.
www.cymru.com/Documents/bogon-list.html
I base my bogon filtering for the JUNOS Secure Template and JUNOS Secure
BGP Template at
www.qorbit.net/documents/junos-template.pdf
www.qorbit.net/documents/junos-bgp-template.pdf
www.qorbit.net/documents/junos-bgp-appnote.pdf
on Rob's list. What are your thoughts on filtering the above prefixes?
Are some of these worthy of being added to the master bogon list?
Now, on to some of Juniper default martians:
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24
These prefixes seem to be based on
www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm
curious what the reasoning is behind selecting these prefixes only.
Also, given that these may be allocated in the future (per the draft)
what are your thoughts on having these in Juniper's default config?
Perhaps these would be good additions to a dynamic (up-to-date) bogon
list instead of a static placement in JUNOS even though they can be
overridden if necessary.
Thoughts?
-- steve
More information about the NANOG
mailing list