[11839] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Filtering Source Addresses on gw-internet

daemon@ATHENA.MIT.EDU (Tony Li)
Fri Aug 15 05:05:35 1997

To: jlewis@inorganic5.fdt.net (Jon Lewis)
cc: nanog@merit.edu
From: Tony Li <tli@juniper.net>
Date: 15 Aug 1997 01:59:43 -0700
In-Reply-To: jlewis@inorganic5.fdt.net's message of 15 Aug 97 08:03:00 GMT

jlewis@inorganic5.fdt.net (Jon Lewis) writes:

> I vaguely remember hearing somewhere that routing to a loopback interface
> was better than null0 for feeding unwanted packets into a black hole.  Is
> that case perhaps not process switched? 

Nope, sorry.  Also process switched.

The hack to drop things fast is to find a lightly loaded LAN interface and
then forward it all to a non-existant system on that LAN.  Of course,
you'll have to manually configure an ARP entry for the bogon.

Tony


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11839] in North American Network Operators' Group

Re: Filtering Source Addresses on gw-internet

daemon@ATHENA.MIT.EDU (Tony Li)Fri Aug 15 05:05:35 1997

daemon@ATHENA.MIT.EDU (Tony Li)
Fri Aug 15 05:05:35 1997