The folks at Cymru have a DNS-based BOGON listing that's available to anybody who can execute an AXFR against their DNS server;
e.g.
dig @ns1.cymru.com. axfr bogons.cymru.com. | grep bogons | grep 127.0.0.2
An entry in this DNS listing can then be used to check your BOGON list, or you can take the reverse output and convert it to either a Cisco wildcard or CIDR format.
e.g.
So you can write an ACL listing with confidence to meet your needs;
e.g.
deny 169.254.0.0/16
deny 169.254.0.0 0.0.255.255
deny 169.254.0.0 255.255.0.0
NOTE: great if you need to check the format for a BOGON entry
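An added example (not from the original post) that checks the format of an entry: it reads a deny line in any of the three notations shown above, confirms it names a valid network, and re-renders it in all three forms. The function names and the sample list are assumptions made up for this illustration.

```python
import ipaddress

# Constructed sample: the three notations from the post for the same prefix.
SAMPLE_ACL = """\
deny 169.254.0.0/16
deny 169.254.0.0 0.0.255.255
deny 169.254.0.0 255.255.0.0
"""

def parse_entry(line):
    """Return the IPv4 network named by one 'deny ...' line."""
    fields = line.split()
    if len(fields) not in (2, 3) or fields[0] != "deny":
        raise ValueError(f"not a deny entry: {line!r}")
    # 'addr/len' is one field, 'addr mask' is two. After the slash the
    # ipaddress module accepts a prefix length, a netmask or a wildcard mask.
    spec = fields[1] if len(fields) == 2 else f"{fields[1]}/{fields[2]}"
    # strict=True rejects entries with host bits set, e.g. 169.254.1.0/16.
    return ipaddress.ip_network(spec, strict=True)

def render(net):
    """Render one network in CIDR, Cisco wildcard and netmask notation."""
    return {
        "cidr": f"deny {net.with_prefixlen}",
        "wildcard": f"deny {net.network_address} {net.hostmask}",
        "netmask": f"deny {net.network_address} {net.netmask}",
    }

def is_bogon(addr, nets):
    """True if addr falls inside any network of the parsed list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

if __name__ == "__main__":
    nets = [parse_entry(line) for line in SAMPLE_ACL.splitlines()]
    # All three notations must collapse to the same network.
    print("distinct networks:", sorted({str(n) for n in nets}))
    for form, text in render(nets[0]).items():
        print(f"{form:9s} {text}")
    print("169.254.10.1 is bogon:", is_bogon("169.254.10.1", nets))
```

A mask of 0.0.0.0 or 255.255.255.255 is ambiguous between netmask and wildcard; the ipaddress module reads both as netmasks (/0 and /32), so check those entries by hand.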
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( ^ ^ )=
o
/ \
.