Диапазоны IP-адресов
В данной заметке приведён список диапазонов IP-адресов, которые стоит закрывать при настройке файрволов:
1. deny ip any 192.168.0.0 0.0.255.255 (192.168.0.1 — 192.168.255.254)
Address: 192.168.0.0 11000000.10101000. 00000000.00000000
Netmask: 255.255.0.0 = 16 11111111.11111111. 00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000. 11111111.11111111
Network: 192.168.0.0/16 11000000.10101000. 00000000.00000000
HostMin: 192.168.0.1 11000000.10101000. 00000000.00000001
HostMax: 192.168.255.254 11000000.10101000. 11111111.11111110
Broadcast: 192.168.255.255 11000000.10101000. 11111111.11111111
Hosts/Net: 65534 Class C, Private Internet
2. deny ip any 172.16.0.0 0.15.255.255 (172.16.0.1 — 172.31.255.254)
Address: 172.16.0.0 10101100.0001 0000.00000000.00000000
Netmask: 255.240.0.0 = 12 11111111.1111 0000.00000000.00000000
Wildcard: 0.15.255.255 00000000.0000 1111.11111111.11111111
Network: 172.16.0.0/12 10101100.0001 0000.00000000.00000000
HostMin: 172.16.0.1 10101100.0001 0000.00000000.00000001
HostMax: 172.31.255.254 10101100.0001 1111.11111111.11111110
Broadcast: 172.31.255.255 10101100.0001 1111.11111111.11111111
Hosts/Net: 1048574 Class B, Private Internet
3. deny ip any 10.0.0.0 0.255.255.255 (10.0.0.1 — 10.255.255.254)
Address: 10.0.0.0 00001010. 00000000.00000000.00000000
Netmask: 255.0.0.0 = 8 11111111. 00000000.00000000.00000000
Wildcard: 0.255.255.255 00000000. 11111111.11111111.11111111
Network: 10.0.0.0/8 00001010. 00000000.00000000.00000000
HostMin: 10.0.0.1 00001010. 00000000.00000000.00000001
HostMax: 10.255.255.254 00001010. 11111111.11111111.11111110
Broadcast: 10.255.255.255 00001010. 11111111.11111111.11111111
Hosts/Net: 16777214 Class A, Private Internet
4. deny ip any 0.0.0.0 0.255.255.255 (0.0.0.1 — 0.255.255.254)
Address: 0.0.0.0 00000000. 00000000.00000000.00000000
Netmask: 255.0.0.0 = 8 11111111. 00000000.00000000.00000000
Wildcard: 0.255.255.255 00000000. 11111111.11111111.11111111
Network: 0.0.0.0/8 00000000. 00000000.00000000.00000000
HostMin: 0.0.0.1 00000000. 00000000.00000000.00000001
HostMax: 0.255.255.254 00000000. 11111111.11111111.11111110
Broadcast: 0.255.255.255 00000000. 11111111.11111111.11111111
Hosts/Net: 16777214 Class A
5. deny ip any host 255.255.255.255 (255.255.255.1 — 255.255.255.254)
Address: 255.255.255.255 11111111.11111111.11111111. 11111111
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
Network: 255.255.255.0/24 11111111.11111111.11111111. 00000000
HostMin: 255.255.255.1 11111111.11111111.11111111. 00000001
HostMax: 255.255.255.254 11111111.11111111.11111111. 11111110
Broadcast: 255.255.255.255 11111111.11111111.11111111. 11111111
Hosts/Net: 254 Class invalid
6. deny ip any 127.0.0.0 0.255.255.255 (127.0.0.1 — 127.255.255.254)
Address: 127.0.0.0 01111111. 00000000.00000000.00000000
Netmask: 255.0.0.0 = 8 11111111. 00000000.00000000.00000000
Wildcard: 0.255.255.255 00000000. 11111111.11111111.11111111
Network: 127.0.0.0/8 01111111. 00000000.00000000.00000000
HostMin: 127.0.0.1 01111111. 00000000.00000000.00000001
HostMax: 127.255.255.254 01111111. 11111111.11111111.11111110
Broadcast: 127.255.255.255 01111111. 11111111.11111111.11111111
Hosts/Net: 16777214 Class A, Loopback
7. deny ip any 224.0.0.0 15.255.255.255 (224.0.0.1 — 239.255.255.254)
Address: 224.0.0.0 1110 0000.00000000.00000000.00000000
Netmask: 240.0.0.0 = 4 1111 0000.00000000.00000000.00000000
Wildcard: 15.255.255.255 0000 1111.11111111.11111111.11111111
Network: 224.0.0.0/4 1110 0000.00000000.00000000.00000000
HostMin: 224.0.0.1 1110 0000.00000000.00000000.00000001
HostMax: 239.255.255.254 1110 1111.11111111.11111111.11111110
Broadcast: 239.255.255.255 1110 1111.11111111.11111111.11111111
Hosts/Net: 268435454 Class D, Multicast
8. deny ip any 240.0.0.0 7.255.255.255 (240.0.0.1 — 247.255.255.254)
Address: 240.0.0.0 11110 000.00000000.00000000.00000000
Netmask: 248.0.0.0 = 5 11111 000.00000000.00000000.00000000
Wildcard: 7.255.255.255 00000 111.11111111.11111111.11111111
Network: 240.0.0.0/5 11110 000.00000000.00000000.00000000
HostMin: 240.0.0.1 11110 000.00000000.00000000.00000001
HostMax: 247.255.255.254 11110 111.11111111.11111111.11111110
Broadcast: 247.255.255.255 11110 111.11111111.11111111.11111111
Hosts/Net: 134217726 Class E
9. deny ip any 192.0.2.0 0.0.0.255 (192.0.2.1 — 192.0.2.254)
Address: 192.0.2.0 11000000.00000000.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
Network: 192.0.2.0/24 11000000.00000000.00000010. 00000000
HostMin: 192.0.2.1 11000000.00000000.00000010. 00000001
HostMax: 192.0.2.254 11000000.00000000.00000010. 11111110
Broadcast: 192.0.2.255 11000000.00000000.00000010. 11111111
Hosts/Net: 254 Class C
То есть на файрволе это должно выглядеть примерно так (в данном случае — пример access-list для коммутатора Cisco):
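5 remark Trusted hosts are permitted first; an ACL is evaluated top-down, first match wins
10 permit ip any host 10.20.0.5 log
20 permit ip any host 10.20.0.8 log
30 permit ip any host 10.20.0.10 log
35 remark Bogon / non-routable sources and destinations listed in items 1-9 above
35 remark Append "log" to any deny entry whose hits should be recorded; logging is per entry
50 deny ip any 192.168.0.0 0.0.255.255
60 deny ip any 172.16.0.0 0.15.255.255
70 deny ip any 10.0.0.0 0.255.255.255
80 deny ip any 0.0.0.0 0.255.255.255
85 remark "host" matches the single limited-broadcast address only, not 255.255.255.0/24 from item 5
90 deny ip any host 255.255.255.255
100 deny ip any 127.0.0.0 0.255.255.255
110 deny ip any 224.0.0.0 15.255.255.255
120 deny ip any 240.0.0.0 7.255.255.255
130 deny ip any 192.0.2.0 0.0.0.255
135 remark Everything not denied above is allowed (blocklist approach)
140 permit ip any any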
Ссылки на другие ресурсы в сети Интернет:
1. Классы IP-адресов
2. Классовая адресация