North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: routing invalid IP addresses

  • From: Stephen J. Wilcox
  • Date: Sat Feb 21 14:24:05 2004

248.x.x.x is in 'Class E' space which is invalid on the Internet...

x.x.255.x are perfectly valid addresses, indeed we have 

subnet-zero isnt relevant either, this would be for eg a class B using a subnet mask, since we dont bother with classful addressing and 
we're not talking about the local addressing policy this isnt of relevance.

you have some confusion with 'ip route' and acls, these do not fulfill the same
purpose.. ip route wont help yuo as that is used to control the route to the
destination and that would be your legitimate host. an acl could help tho, you
can safely deny 'access-l 100 den ip any' to block
anything with a similar source address. just in case you get too excited with
your acls, dont go arbitrarily blocking other addresses (multicast, bogons,
rfc1918 [10.x.x.x, 192.168.x.x] else u may break some stuff!)

and just to clarify your problem of how these invalid addresses were 'routed' .. 
as above packets are routeed based on destination only, you can spoof and put 
junk in the source and it will still traverse the internet quite legitimately.


On Sat, 21 Feb 2004, Geo. wrote:

> traceroute to, that's what made me think it was invalid.
> I did get the answer, I was being stupid and trying to use IP route instead
> of an acl. Thanks to everyone who replied, even the "nooooooooo" guy.
> Geo. (I'm not the cisco guy, I was just the only one working last night)
> ----- Original Message ----- 
> From: "Bill Woodcock" <[email protected]>
> To: "Geo." <[email protected]>
> Cc: <[email protected]>
> Sent: Saturday, February 21, 2004 8:03 AM
> Subject: Re: routing invalid IP addresses
> >     >  x.x.255.x isn't a valid IP address
> >     > Clue me in?
> >
> > Clue: it's a valid address.
> >
> >                                 -Bill
> >
> >