test Nets being routed?

Happy Holidays To You All!

Am I the only one seeing the 192.168.0.0 test net going somewhere? RFC 1918
mandates 192.168.0.0/255.255.0.0 [192.168/16] for private networks (testing),
right? Inc.net seems to have some problems...

From 206.183.227.10, I can get to them via telnet...These are

definately NOT my hosts, either... :slight_smile:

Am I the only one seeing the 192.168.0.0 test net going somewhere? RFC 1918
mandates 192.168.0.0/255.255.0.0 [192.168/16] for private networks (testing),
right? Inc.net seems to have some problems...

While they should not be announcing, you should not be listening. Try this
and call back in the morning if it does not work.

access-list 181 deny ip host 0.0.0.0 any
access-list 181 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 181 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 181 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 181 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 181 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 181 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 181 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 181 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 181 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255

randy

Don't try this at home without checking (read: delete) the first
line.....and, if you feel brave, or you'd like to keep your customers,
add something to the bottom..... >;)

-Steve

Try this one instead:

access-list 101 deny ip any 0.0.0.0 252.0.0.0
access-list 101 deny ip any 255.255.255.128 0.0.0.127
access-list 101 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 101 deny ip 127.0.0.0 0.255.255.255 255.0.0.0
0.255.255.255
access-list 101 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.240.0.0
0.15.255.255
access-list 101 deny ip 191.255.0.0 0.0.255.255 255.255.0.0
0.0.255.255
access-list 101 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 192.168.0.0 0.0.255.255 255.255.0.0
0.0.255.255
access-list 101 deny ip 223.255.255.0 0.0.0.255 255.255.255.0
0.0.0.255
access-list 101 deny ip 224.0.0.0 31.255.255.255 224.0.0.0
31.255.255.255
access-list 101 deny ip 192.41.177.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.136.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.146.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.134.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.158.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.176.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.184.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 192.157.69.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.128.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.140.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny ip 198.32.130.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 permit ip any any

-Steve

Ack! You don't have a permit statement in there.
The last line should read something like:

access-list 181 permit ip any any

Also, I'd input the list before applying it to the apropriate interfaces.
The slower ciscos seem to appreciate it more when it's done that way,
though my 7206 just screams through it. Lord knows the kind of stress
doing something like that could cause without a permit statement,
especially if your offsite.

Regards,
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
Fortune for today: "You're not drunk if you can lie on the floor without
holding on." -- Dean Martin

ghaque! sorry. it was an excerpt from the middle of our actual acl. one
usually filters on more than just those martians. e.g. we drop meet-point
meshes, some hijacked prefixes the nics have asked us to help stomp, ...

and aside from the permit at the bottom, we also have a no access-list at
the top. keeps from accumulating hair.

randy

This has been repaired as of 12/24. We apologize for the confusion, and any
time people may have spent debugging privately numbered applications,

Ryan Brooks
ryan@inc.net

Matthew D. Lammers wrote: