[12827] in North American Network Operators' Group
Re: UUNet Routing SNAFU
daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Wed Oct 8 23:26:14 1997
Date: Wed, 8 Oct 1997 23:17:09 -0400
From: "Alec H. Peterson" <ahp@hilander.com>
To: David Carmean <dlc@avtel.net>
Cc: nanog@merit.edu
In-Reply-To: <19971008193952.29417@beach.silcom.com>; from David Carmean on Wed, Oct 08, 1997 at 07:39:52PM -0700
On Wed, Oct 08, 1997 at 07:39:52PM -0700, David Carmean wrote:
>
> I installed the ACL Sean posted back in December of '95, updated by
> changes he posted in June of '96. Is that list still reasonable?
I'm pretty sure that is the version that filters >=207 at /19 (instead
of /18 which is where he initially put the filter). However, keep in
mind that the registries have been allocating space out of old class A
space, which all versions of his filter I've seen _will_ block. So,
depending on your policy you would want to add:
access-list xxx permit ip 62.0.0.0 0.255.255.255 0.0.0.0 255.255.255.0
Do that for 24/8, 62/8 and any other blocks that the IANA has released
to a registry (I think Dorian mentioned 63/8 and 64/8 as well). Of
course, if you want to filter on /19 then your mask will be a little
different.
Of course, one can just do what Randy suggested and filter all class A
space at /19 and be done with it.
Alec
--
+------------------------------------+--------------------------------------+
|Alec Peterson - ahp@hilander.com | Erols Internet Services, INC. |
|Network Engineer | Springfield, VA. |
+------------------------------------+--------------------------------------+
