Applying bogon access list Cisco IOS

Hello all,

Here is a short note on why an edge router should carry an access list that drops traffic sourced from the IP blocks on the bogon list, together with a Cisco IOS access list you can paste in.

What is the bogon list?

The bogon list is a list of IP prefixes that should never appear as a source address on the public Internet: either reserved, non-routable blocks such as 192.168.0.0/16, or address space that has not yet been allocated.

It is important to block these prefixes at the edge because it removes one cheap spoofing trick: an attacker on the outside forging packets whose source address belongs to your internal (private) range, so that they pass filters or are trusted as if they came from inside. nmap can do this with the -S option; it needs -e to choose the sending interface and -Pn because a scanner using a spoofed source never sees the replies. For instance, to scan 192.168.1.1 while claiming to be 192.168.0.1:

nmap -S 192.168.0.1 192.168.1.1 -e eth0 -PN

If the edge router has no inbound access list blocking the non-routable source 192.168.0.1, that spoofed packet passes straight through the router and reaches the target as if it had come from inside.

Here is a bogon list, current at the time of writing, formatted so it can be pasted into a Cisco IOS device:

copy from below the line

______

conf t

no access-list 101

access-list 101 remark Deny bogon SOURCE addresses; apply inbound on the Internet-facing interface only
access-list 101 remark This-network, RFC 1918 private space, RFC 6598 shared (CGNAT) space, loopback, link-local
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 100.64.0.0 0.63.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 remark IETF protocol assignments, documentation nets, 192.168/16, benchmarking space
access-list 101 deny ip 192.0.0.0 0.0.0.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 198.51.100.0 0.0.0.255 any
access-list 101 deny ip 203.0.113.0 0.0.0.255 any
access-list 101 remark Multicast, class E and broadcast are never valid unicast sources
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 remark The explicit permit is required: every IOS ACL ends with an implicit deny
access-list 101 permit ip any any

end

conf t
int f0/0
ip access-group 101 in
end

write memory

_______

The access list above drops any packet whose source address falls in one of the bogon blocks and permits everything else; the final permit matters, because an IOS access list ends with an implicit deny and without it all inbound traffic would be dropped. Apply it inbound on the Internet-facing interface only (f0/0 above is assumed to be that interface); on an inside interface your own private addresses are legitimate sources and the list would cut them off. Two caveats before pasting: keep the list current against a maintained source such as Team Cymru, since unallocated space does get allocated and a stale entry silently blackholes real traffic; and if your ISP assigns your WAN address out of 100.64.0.0/10 (carrier-grade NAT) or a private range, that entry must come out. Adding the log keyword to the deny entries makes hits visible in syslog, at some CPU cost on a busy link.
This small step belongs in the network security baseline of any sized network: it is simple to apply and takes spoofed-private-source traffic off the table. It does not stop spoofing from other public address space, for which unicast RPF (ip verify unicast source reachable-via rx on the same interface) is the complementary check.
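The wildcard masks are the part of this list most often mistyped, and a wrong mask fails open: the entry simply matches less than intended and the rest slips through. As an added example, not code from the original post, here is a small Python script that builds the access list above from the same prefixes and then evaluates it the way IOS does (top-down, first match wins, implicit deny at the end), so a candidate list can be checked against sample source addresses before it goes onto the router. The sample source addresses and the mistyped 172.16.0.0 entry in the main block are constructed for the example.

```python
import ipaddress

# Source prefixes from the post's access list: this-network, RFC 1918 private
# space, RFC 6598 shared (CGNAT) space, loopback, link-local, IETF protocol
# assignments, the documentation nets, benchmarking space, multicast/class E.
BOGON_PREFIXES = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/3",
]


def wildcard_mask(prefix):
    """Cisco wildcard mask: the bitwise inverse of the subnet mask (a 0 bit must match)."""
    return str(ipaddress.ip_network(prefix, strict=True).hostmask)


def build_acl(prefixes, acl_number=101, log=False):
    """Render the numbered extended ACL: every bogon denied as source, then permit any."""
    lines = [f"no access-list {acl_number}"]
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix, strict=True)
        entry = f"access-list {acl_number} deny ip {net.network_address} {net.hostmask} any"
        lines.append(entry + " log" if log else entry)
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


def _source_match(tokens):
    """Parse the source field of an ACE ('any', 'host A', or 'A WILDCARD') into ints."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return int(ipaddress.ip_address(tokens[1])), 0
    return int(ipaddress.ip_address(tokens[0])), int(ipaddress.ip_address(tokens[1]))


def acl_action(src_ip, acl_lines):
    """Evaluate 'access-list N deny|permit ip SRC ... any' lines against a source
    address the way IOS does: top-down, first match wins, implicit deny at the end."""
    addr = int(ipaddress.ip_address(src_ip))
    for line in acl_lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skips 'no access-list', remark lines and blanks
        net, wild = _source_match(tok[4:])
        care = ~wild & 0xFFFFFFFF  # wildcard 0 bits are the bits that must match
        if (addr & care) == (net & care):
            return tok[2]
    return "deny"


def uncovered(prefixes, acl_lines):
    """Prefixes whose first or last address the ACL would still permit: a missing
    entry or a wrong wildcard mask (the usual copy-and-paste mistake)."""
    bad = []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix, strict=True)
        if any(acl_action(str(ip), acl_lines) != "deny" for ip in (net[0], net[-1])):
            bad.append(prefix)
    return bad


# Constructed test traffic: source address -> action the edge ACL should take.
SAMPLE_SOURCES = {
    "192.168.0.1": "deny",        # the spoofed source from the nmap example
    "100.127.255.255": "deny",    # top of the CGNAT block
    "224.0.0.5": "deny",          # multicast as a source is never legitimate
    "8.8.8.8": "permit",
    "192.0.1.1": "permit",        # sits between two /24 bogons, covered by neither
    "223.255.255.255": "permit",  # last unicast address before 224.0.0.0/3
}


def verify(acl_lines, expectations):
    """Sources whose ACL result differs from what the edge policy expects."""
    return [ip for ip, want in expectations.items() if acl_action(ip, acl_lines) != want]


if __name__ == "__main__":
    acl = build_acl(BOGON_PREFIXES)
    print("\n".join(acl))
    print("mismatches:", verify(acl, SAMPLE_SOURCES))
    # A /12 written with a /16 wildcard (0.0.255.255) is a common slip; catch it.
    typo = ["access-list 101 deny ip 172.16.0.0 0.0.255.255 any",
            "access-list 101 permit ip any any"]
    print("uncovered:", uncovered(["172.16.0.0/12"], typo))
```

Paste the router's running ACL (the output of show running-config | include access-list 101) into acl_lines instead of the generated one to check what is actually deployed; uncovered() flags any bogon prefix whose edges the deployed list lets through.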

Till next time stay secure !

Sean Mancini

2 thoughts on “Applying bogon access list Cisco IOS”

  1. Hi Sean,

    Very interesting post. I can understand why you block private IP address ranges and multicast, but I can't see why you block ranges like 100.64.0.0 and some specific hosts.

    1. Hey Mario,

      The reason the block 100.64.0.0 is included is that the current bogon list includes the block, meaning the block is non-aggregated and you should not see traffic coming from this block of addresses. If you refer to http://www.team-cymru.org/Services/Bogons/bogon-dd.html you can see an up-to-date list of IP blocks that are either not valid or not leased, and therefore you should not see traffic originating from these source IP addresses. Hope this helps.

      Sean Mancini
