First page Back Continue Last page Summary Graphics
Source Address Spoofing
Your IP addresses
Your LAN addresses
Class A private addresses 10.0.0.0 - 10.255.255.255
Class B private addresses 172.16.0.0 - 172.31.255.255
Class C private addresses 192.168.0.0 - 192.168.255.255
Class D multicast addresses 224.0.0.0 - 239.255.255.255
Class E reserved addresses 240.0.0.0 - 247.255.255.255
loopback 127.0.0.0 - 127.255.255.255 0.0.0.0
Link local addresses 169.254.0.0 - 169.254.255.255
TEST-NET addresses 192.0.2.0 - 192.0.2.255
0.0.0.0 source address in broadcast messages, except with DHCP
255.255.255.255 source address in broadcast messages
0.0.0.0 through 0.255.255.255
Notes:
There are several major classes of source addresses you should deny on your external interface in all cases. These are incoming packets claiming to be from the following:
Your IP address
Your LAN addresses
Class A, B, and C private IP addresses
Class D multicast IP addresses
Class E reserved IP addresses: Loopback interface addresses
Malformed broadcast addresses
Class A network 0 addresses
Link local network addresses: DHCP clients sometimes assign themselves a link local address when they can’t get an address from a server. These addresses range from 169.254.0.0 to 169.254.255.255.
TEST-NET addresses: The address space from 192.0.2.0 to 192.0.2.255 is reserved for test networks.