Juniper security appnote + martians

Stephen Gill gillsr at yahoo.com
Wed Jul 24 15:29:46 UTC 2002


Gents,
I thought I would pose the martians question here as well...

I'm trying to find out additional information on the reasoning behind
adding these martians to the Juniper's security appnote found on their
website:

Prefix		Description
19.255.0.0/16	Ford Motor Company
129.156.0.0/16 	Sun Microsystems
192.5.0.0/24	no match
192.9.200.0/24	no match
192.9.99.0/24	Sun Microsystems 

I don't see a single reference to these in Cisco's IOS Essentials
www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

, Bill Manning's draft, 
www.ietf.org/internet-drafts/draft-manning-dsua-08.txt

or Rob T's Bogon List.  
www.cymru.com/Documents/bogon-list.html

I base my bogon filtering for the JUNOS Secure Template and JUNOS Secure
BGP Template at
www.qorbit.net/documents/junos-template.pdf
www.qorbit.net/documents/junos-bgp-template.pdf
www.qorbit.net/documents/junos-bgp-appnote.pdf

on Rob's list.  What are your thoughts on filtering the above prefixes?
Are some of these worthy of being added to the master bogon list?

Now, on to some of Juniper default martians:
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24

These prefixes seem to be based on
www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt.  I'm
curious what the reasoning is behind selecting these prefixes only.
Also, given that these may be allocated in the future (per the draft)
what are your thoughts on having these in Juniper's default config?
Perhaps these would be good additions to a dynamic (up-to-date) bogon
list instead of a static placement in JUNOS even though they can be
overridden if necessary.

Thoughts?
-- steve





More information about the NANOG mailing list