|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Juniper security appnote + martians
Gents, I thought I would pose the martians question here as well... I'm trying to find out additional information on the reasoning behind adding these martians to the Juniper's security appnote found on their website: Prefix Description 19.255.0.0/16 Ford Motor Company 129.156.0.0/16 Sun Microsystems 192.5.0.0/24 no match 192.9.200.0/24 no match 192.9.99.0/24 Sun Microsystems I don't see a single reference to these in Cisco's IOS Essentials www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip , Bill Manning's draft, www.ietf.org/internet-drafts/draft-manning-dsua-08.txt or Rob T's Bogon List. www.cymru.com/Documents/bogon-list.html I base my bogon filtering for the JUNOS Secure Template and JUNOS Secure BGP Template at www.qorbit.net/documents/junos-template.pdf www.qorbit.net/documents/junos-bgp-template.pdf www.qorbit.net/documents/junos-bgp-appnote.pdf on Rob's list. What are your thoughts on filtering the above prefixes? Are some of these worthy of being added to the master bogon list? Now, on to some of Juniper default martians: 128.0.0.0/16 191.255.0.0/16 192.0.0.0/24 223.255.255.0/24 These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary. Thoughts? -- steve
|