Hello all,
Here is a short note on the importance of applying an access list on your edge router that blocks traffic from the IP blocks listed on the bogon list.
What is the bogon list?
The bogon list is a list of IP subnets that are either invalid or non-routable IP blocks, such as 192.168.0.0, or IP blocks that have not been assigned.
It is important to block these IP blocks from reaching your network, as it eliminates the chance of a hacker spoofing his/her source IP address as one of your internal IP addresses. For instance, with nmap we can issue the following command to spoof our source IP address when scanning a target:
nmap -S 192.168.0.1 192.168.1.1 -e eth0 -PN
Now, if you do not have an access list blocking incoming traffic from the non-routable IP 192.168.0.1, the spoofed packet will pass straight through your router.
Here is a current bogon list that can be copied and pasted into a Cisco IOS device.
Copy from below the line:
______
conf t
no access-list 101
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 100.64.0.0 0.63.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.0.0 0.0.0.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 198.51.100.0 0.0.0.255 any
access-list 101 deny ip 203.0.113.0 0.0.0.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 permit ip any any
end
conf t
int f0/0
ip access-group 101 in
end
write
_______
The above access list will block all the IP blocks on the bogon list.
This small step should be part of network security best practices
for any sized network: it is simple to apply and can stop many types of attacks.
Till next time, stay secure!
Sean Mancini
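As an added example (not part of Sean's post), the Python below generates the same IOS ACL from the bogon list written in CIDR form, converts each wildcard-mask line back to CIDR as a sanity check, and evaluates which source addresses the ACL would deny. The CIDR list and the test addresses are constructed from the post's ACL lines.

```python
import ipaddress

# Bogon ranges from the post's ACL, rewritten in CIDR form (constructed for this example).
BOGON_CIDRS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/3",
]

def build_acl(cidrs, acl_no=101, iface="f0/0"):
    """Render the numbered extended ACL in the layout the post uses.
    IOS wildcard masks are the inverse of the subnet mask, which is exactly
    what ipaddress exposes as net.hostmask (e.g. /10 -> 0.63.255.255)."""
    lines = ["conf t", f"no access-list {acl_no}"]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        lines.append(f"access-list {acl_no} deny ip {net.network_address} {net.hostmask} any")
    lines.append(f"access-list {acl_no} permit ip any any")  # explicit catch-all, as in the post
    lines += ["end", "conf t", f"int {iface}", f"ip access-group {acl_no} in", "end", "write"]
    return lines

def acl_line_to_cidr(line):
    """Parse one 'deny ip <net> <wildcard> any' line back to CIDR, rejecting
    non-contiguous wildcards and misaligned network addresses (strict=True)."""
    tokens = line.split()
    if tokens[2:4] != ["deny", "ip"] or tokens[6] != "any":
        raise ValueError(f"unsupported ACL line: {line}")
    wild = int(ipaddress.IPv4Address(tokens[5]))
    if (wild + 1) & wild:
        raise ValueError(f"non-contiguous wildcard mask in: {line}")
    prefix = 32 - wild.bit_length()
    return str(ipaddress.ip_network(f"{tokens[4]}/{prefix}", strict=True))

def acl_action(cidrs, src_ip):
    """First-match evaluation, as IOS does it: 'deny' if the source address
    falls in any bogon range, otherwise 'permit' from the trailing permit line."""
    addr = ipaddress.ip_address(src_ip)
    for cidr in cidrs:
        if addr in ipaddress.ip_network(cidr):
            return "deny"
    return "permit"

if __name__ == "__main__":
    print("\n".join(build_acl(BOGON_CIDRS)))
    for ip in ("192.168.0.1", "100.127.0.1", "240.0.0.1", "8.8.8.8"):
        print(ip, acl_action(BOGON_CIDRS, ip))
```

The round trip through acl_line_to_cidr is the useful check: a typo in a wildcard mask such as 0.0.0.1.255 or a network address that is not on a prefix boundary raises instead of silently producing an ACL with a hole in it.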
Hi Sean,
Very interesting post. I can understand why you block private IP address ranges and multicast, but I can't see why you block ranges like 100.64.0.0 and some specific hosts.
Hey Mario,
The reason the block 100.64.0.0 is included is that the current bogon list includes it, meaning the block is non-aggregated and you should not see traffic coming from this block of addresses. If you refer to http://www.team-cymru.org/Services/Bogons/bogon-dd.html you can see an up-to-date list of IP blocks that are either invalid or not leased, and therefore you should not see traffic originating from these source IP addresses. Hope this helps.
Sean Mancini