[24661] in North American Network Operators' Group
Re: SYN spoofing
daemon@ATHENA.MIT.EDU (Deepak Jain)
Wed Jul 28 16:57:02 1999
Date: Wed, 28 Jul 1999 16:49:21 -0400 (EDT)
From: Deepak Jain <deepak@ai.net>
To: Mike Heller <mikeh@earthweb.com>
Cc: Dan Hollis <goemon@sasami.anime.net>,
Joe Shaw <jshaw@insync.net>,
John Fraizer <John.Fraizer@EnterZone.Net>, bandregg@redhat.com,
nanog@merit.edu
In-Reply-To: <Pine.SOL.3.91.990728160400.26210K-100000@fox>
Errors-To: owner-nanog-outgoing@merit.edu
The thread I was responding to refered to filtering all routes
(outbound) except those sourced from customers'/internal addresses.
Regards,
Deepak Jain
AiNET
On Wed, 28 Jul 1999, Mike Heller wrote:
> I have an access list that I apply to all of our incoming interfaces that
> blocks the announcement of 127.0.0.1, 192.168.0.0, 10.0.0.0, and
> 172.16.0.0. It never changes. I don't see the stated impact on management.
>
> Mike
>
> On Wed, 28 Jul 1999, Dan Hollis wrote:
>
> >
> > On Wed, 28 Jul 1999, Deepak Jain wrote:
> > > While it is easy, it is not always practical because you often have
> > > customers who advertise thousands of prefixes.
> >
> > Why would this have any impact on filtering rfc1918 and other invalid nets
> > like 127.0.0.0/8 and 255.255.255.255?
> >
> > Or perhaps someone could explain a valid reason to route these addresses.
> >
> > -Dan
> >
> >
> >
>
