[12565] in North American Network Operators' Group
Re: Packets from net 10 (no, not the lyrics)
daemon@ATHENA.MIT.EDU (bmanning@ISI.EDU)
Tue Sep 23 09:37:22 1997
From: bmanning@ISI.EDU
To: dennis@bconnex.net (Dennis Simpson)
Date: Tue, 23 Sep 1997 06:16:08 -0700 (PDT)
Cc: nanog@merit.edu
In-Reply-To: <199709231250.IAA06581@zonzorp.bconnex.ca> from "Dennis Simpson" at Sep 23, 97 08:50:09 am
> Should I be filtering all reserved space at my border, or would
> it be reasonable for me to expect the big guys not to take packets
> with clearly inappropriate source addresses?
Yes you should. (and with kudos to Andrew)
! Loopback
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
! RFC 1918 private blocks
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
! Test Network
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
! Tiny networks.
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any
> Or is my view on the situation incomplete?
I think so.
--
--bill
