
Re: [cobalt-security] ipchains adding to rc.local



At 11:11 PM 7/25/01 -0700, Scott F wrote:
>So the correct way, if I understand this correctly,
>would be to enter the range as 203.232.0.0/16.
>
>-OR- if one just wanted to block the last 8-bit range,
>it would be entered as 203.232.0.0/24 (am I correct?)

Yes.  Your second example would block 203.232.0.0 - 203.232.0.255.

BTW, a 24-bit subnet mask can also be expressed as 255.255.255.0.  Windows
and Linux configure their IP interfaces this way.  It's still saying to use
the first 24 bits as the network address.

>So if you write it with a /24 designation, it's only
>blocking IP's ranging from 203.232.xxx.0 through
>230.232.xxx.255.

Not quite; see above.  It'd block 230.232.0.xxx.

>I'm not quite sure if I understand what the difference
>is between IP ranges under 192 and those above it..<?>
>You're saying that basically any range above 192 would
>be more segregated and not necessarily from one
>general region or do I possibly have it backwards?
>What you're saying is that 203.232.150.125 could
>belong to a system in China and yet 203.232.150.225
>could be mapped to a system in another part of the
>world (correct?) But if I perform a lookup on a
>particular range (203.232.) and it shows 203.232.0.0 -
>203.232.255.255 all mapped to the region I'm trying to
>block, it would be safe to use the /16-bit
>designation..<?>

Sorry for confusing matters.  There isn't a difference in the addresses
themselves; only in how they're assigned.  My Cisco textbook says that of
the 254 usable top-level IP blocks, the first half of them (up to and
maybe including 128.*.*.*) are assigned in Class A blocks.  The next
quarter (up to 192.*.*.*) is assigned in Class B blocks, and the rest are
Class C blocks.  Of course, there are many more Class B's and C's than A's.

You might want to buy Cisco's text, "Cisco Networking Academy Program:
First Year Companion Guide" from Amazon if you'd like details on this.

-------------------------------------------------------------------------
Ted Behling, Web Application Developer, Monarch Information Systems, Inc.

43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.monarchis.net
-------------------------------------------------------------------------
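
Added example, not part of the original message: a Python check of which addresses a /16 or /24 block covers, and whether a block matches a looked-up range exactly before it goes into a deny rule. The function names and the partial ranges are constructed for illustration, and the `ipchains -A input -s ... -j DENY` rule form is an assumption about the rule being added to rc.local.

```python
import ipaddress

def block_span(cidr):
    """Return (first address, last address, dotted netmask) for a CIDR block.
    strict=True rejects blocks with host bits set, e.g. 203.232.150.0/16."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), str(net.netmask)

def blocks_for_range(first, last):
    """Smallest list of CIDR blocks covering first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def overblocked(cidr, first, last):
    """Number of addresses in cidr that lie outside the looked-up range."""
    net = ipaddress.ip_network(cidr, strict=True)
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    inside = max(0, min(hi, int(net[-1])) - max(lo, int(net[0])) + 1)
    return net.num_addresses - inside

def deny_rules(first, last):
    """Rule lines (assumed ipchains form) for exactly the looked-up range."""
    return ["ipchains -A input -s %s -j DENY" % c
            for c in blocks_for_range(first, last)]

if __name__ == "__main__":
    # The two blocks discussed in the thread.
    for cidr in ("203.232.0.0/16", "203.232.0.0/24"):
        print(cidr, block_span(cidr))
    # Lookup shows the whole 203.232.0.0 - 203.232.255.255 range: /16 is exact.
    print(overblocked("203.232.0.0/16", "203.232.0.0", "203.232.255.255"))
    # Constructed case: lookup shows only part of the /16, so a /16 rule
    # would also deny addresses that belong to someone else.
    print(overblocked("203.232.0.0/16", "203.232.128.0", "203.232.191.255"))
    # Constructed case: a range that does not fit a single block.
    for rule in deny_rules("203.232.150.0", "203.232.153.255"):
        print(rule)
```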