{"id":2879,"date":"2010-01-16T14:50:16","date_gmt":"2010-01-16T13:50:16","guid":{"rendered":"http:\/\/security-planet.de\/?p=2879"},"modified":"2010-01-16T14:50:16","modified_gmt":"2010-01-16T13:50:16","slug":"rfc-3330-ist-obsolet","status":"publish","type":"post","link":"https:\/\/cyber-fi.net\/index.php\/2010\/01\/16\/rfc-3330-ist-obsolet\/","title":{"rendered":"RFC 3330 ist obsolet"},"content":{"rendered":"

In RFC 3330<\/a> waren die “Special Use IPv4 Addresses” definiert. Dieser RFC wurde jetzt durch den RFC 5735<\/a> ersetzt (leider kann man sich diese Nummer nicht so gut merken).
\nSehr interessant ist die Erweiterung der TEST-NET-Eintr\u00e4ge:<\/p>\n

192.0.2.0\/24 \n198.51.100.0\/24\n203.0.113.0\/24 <\/code><\/pre>\n
W\u00e4hrend der erste Eintrag schon l\u00e4nger vorhanden ist, stehen jetzt zwei weitere Netze zu Dokumentationszwecken zur Verf\u00fcgung. Diese Verwendung ist explizit im RFC 5737 – IPv4 Address Blocks Reserved for Documentation<\/a> beschrieben.<\/p>\n
Damit sollte man auch die typische Anti-Spoofing-ACL f\u00fcr Perimeter-Router anpassen:<\/p>\n
ip access-list extended PERIMETER-IN\n deny   ip 0.0.0.0 0.255.255.255 any\n deny   ip 10.0.0.0 0.255.255.255 any\n deny   ip 127.0.0.0 0.255.255.255 any\n deny   ip 169.254.0.0 0.0.255.255 any\n deny   ip 172.16.0.0 0.15.255.255 any\n deny   ip 192.0.2.0 0.0.0.255 any\n deny   ip 192.168.0.0 0.0.255.255 any\n deny   ip 198.18.0.0 0.1.255.255 any\n deny   ip 198.51.100.0 0.0.0.255 any\n deny   ip 203.0.113.0 0.0.0.255 any\n deny   ip 224.0.0.0 31.255.255.255 any\n deny   ip EIGENES-NETZ any\n permit ...<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
In RFC 3330 waren die “Special Use IPv4 Addresses” definiert. Dieser RFC wurde jetzt durch den RFC 5735 ersetzt (leider kann man sich diese Nummer nicht so gut merken). Sehr interessant ist die Erweiterung der TEST-NET-Eintr\u00e4ge: 192.0.2.0\/24 198.51.100.0\/24 203.0.113.0\/24 W\u00e4hrend der erste Eintrag schon l\u00e4nger vorhanden ist, stehen jetzt zwei weitere Netze zu Dokumentationszwecken zur <\/p>\n
continue reading<\/a><\/div>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"twitterCardType":"","cardImageID":0,"cardImage":"","cardTitle":"","cardDesc":"","cardImageAlt":"","cardPlayer":"","cardPlayerWidth":0,"cardPlayerHeight":0,"cardPlayerStream":"","cardPlayerCodec":"","footnotes":""},"categories":[14,15],"tags":[46,509,510],"class_list":["post-2879","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-acl","tag-rfc3330","tag-rfc5735"],"_links":{"self":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/2879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/comments?post=2879"}],"version-history":[{"count":0,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/2879\/revisions"}],"wp:attachment":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/media?parent=2879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/categories?post=2879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/tags?post=2879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}