BCP for Private OUI / address assignments?
isabeldias1 at yahoo.com
Tue Nov 25 17:09:43 UTC 2008
Someone is basicly "twicking the mail headers" by sending messages like "nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org"-who is?
OUI...yes, great topic! Now mind me asking but why would you need a "private" OUI if the well-known (registed) list is quite public and everyone has a reserved allocation? (vendors have)
and yes as far as i am aware all can be spoofed...up to the available anti-spoofing rules, plenty of google literature........just to check the theory points of failure .....
Now the question is do mac adresses change w/ IPv6? Is there a relation w/ IPv4/6 format type and OUI format type ?
we might have heard of the IPv6 source address spoofing .....
...and w/ the translation to the OUI w/ v6 ......
--- On Mon, 11/24/08, Mark Smith <nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org> wrote:
> From: Mark Smith <nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
> Subject: Re: BCP for Private OUI / address assignments?
> To: peter at peter-dambier.de
> Cc: nanog at nanog.org
> Date: Monday, November 24, 2008, 10:01 PM
> On Mon, 24 Nov 2008 19:35:07 +0100
> Peter Dambier <peter at peter-dambier.de> wrote:
> > I also found this one helpful
> > http://www.iana.org/assignments/ethernet-numbers
> > ===
> > The CFxxxx Series
> > RFC 2153 describes a method of usings a "pseudo
> OUI" for certain
> > purposes when there is no appropriate regular OUI
> assigned. These are
> > listed here.
> > CF0001 Data Comm for Business
> > ===
> > I remember we had IBM Token-Ring equipment and they
> > to always use "CF..." and never rely on the
> programmed MAC for SNA.
> On an ethernet network, CF is a multicast destination
> address, or, as a
> source, I'm pretty sure it indicates that the frame
> contains a source
> route for use with translational bridging.
> The locally assigned 0x02 bit would be better to use. Be
> aware that
> Microsoft have decided to "reserve" some locally
> assigned addresses
> in the range 02-BF, and 02-01 through 02-20 for use with
> their load
> balancing / high availability product, rather than use one
> of their
> proper OUIs. Apparently you're not supposed to be using
> address ranges because the locally assigned address space
> is so large,
> before you use this Microsoft product, so if you are, too
> bad. You'll
> have to change your previous local assignments, or somehow
> Microsoft's software. Within Wireshark it shows it as
> used by
> Microsoft, which implies official assignment to Microsoft.
> Wireshark people won't change it, so that gives it a
> level of
> legitimacy. I think that's a slippery slope.
> (It's a pet hate of mine that certain organisations
> force their private
> address space assignments (RFC1918 or IEEE locally
> assigned) on
> outsiders. It's supposed to be private so outsiders
> don't see it or
> don't have to work around it!)
> "Sheep are slow and tasty, and therefore must
> remain constantly
> - Bruce Schneier,
> "Beyond Fear"
More information about the NANOG