[12572] in North American Network Operators' Group
Re: Packets from net 10 (no, not the lyrics)
daemon@ATHENA.MIT.EDU (Mohamad Eljazzar)
Tue Sep 23 11:49:37 1997
Date: Tue, 23 Sep 1997 11:29:17 -0400 (EDT)
From: Mohamad Eljazzar <eljazzar@ns.utk.edu>
To: bmanning@ISI.EDU
cc: nanog@merit.edu, Mohamad Eljazzar <eljazzar@ns.utk.edu>
In-Reply-To: <199709231316.AA08812@zed.isi.edu>
What about providers that use portions of the private address space on
their network (up to and including the client's serial interface)?
Mohamad
On Tue, 23 Sep 1997 bmanning@ISI.EDU wrote:
> > Should I be filtering all reserved space at my border, or would
> > it be reasonable for me to expect the big guys not to take packets
> > with clearly inappropriate source addresses?
>
> Yes you should. (and with kudos to Andrew)
>
> ! Loopback
> access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> ! RFC 1918 private blocks
> access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> ! Test Network
> access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> ! Tiny networks.
> access-list 100 deny ip any 255.255.255.128 0.0.0.127
> access-list 100 permit ip any any
>
>
> > Or is my view on the situation incomplete?
>
> I think so.
>
>
>
> --
> --bill
>