[BLU] Re: 68.0.0.0/8 illegal?

[david at thekramers.net (David Kramer)]

On Thu, 26 Apr 2001, Alex Pennace wrote:

> On Thu, Apr 26, 2001 at 12:54:33AM -0400, David Kramer wrote:
> > I built my rc.firewall from Robert Ziegler's site
> > (http://www.linux-firewall-tools.com/). I noticed a lot of lines in it
> > in this section:
> >
> >     # refuse addresses defined as reserved by the IANA
> >     # 0.*.*.*, 1.*.*.*, 2.*.*.*, 5.*.*.*, 7.*.*.*, 23.*.*.*, 27.*.*.*
> >     # 31.*.*.*, 37.*.*.*, 39.*.*.*, 41.*.*.*, 42.*.*.*, 58-60.*.*.*
> >     # 65-95.*.*.*, 96-126.*.*.*, 197.*.*.*, 201.*.*.* (?), 217-223.*.*.*
> [snip]
> > So I'm thinking since these addresses seem to whois to real ISP's, that
> > these are valid addresses that I should NOT be blocking.
>
> That's correct.
>
> > On the other hand, I think the SYN flag either means they initiated the
> > conversation, or that they are trying to do a syn flood on my box.
> > Given that I only see like 10 in a row, I doubt the latter.
>
> Poor guy at dsl092-067-047.bos1.dsl.speakeasy.net just wants to talk
> SMTP to your box. :)

So out of the above ranges, which should I open up?  The only ranges I
know about are 10.*, 192.168.*, 127.0.0.1, and there's one more I'm
forgetting.  Should I open up all the rest.  I'm already blocking any
traffic on eth0 from those three in an earlier section of the script.


-------------------------------------------------------------------
DDDD   David Kramer                   http://thekramers.net
DK KD
DKK D  "All my life, I always wanted to be somebody.
DK KD  Now I see that I should have been more specific."
DDDD                                       - Lily Tomlin



-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).