[25252] in North American Network Operators' Group
Re: Martian list of IP's to block???
daemon@ATHENA.MIT.EDU (Jared Mauch)
Fri Oct 1 12:26:37 1999
Date: Fri, 1 Oct 1999 12:22:33 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: "Rubens Kuhl Jr." <rkuhljr@uol.com.br>
Cc: nanog@merit.edu
Message-ID: <19991001122233.C17774@puck.nether.net>
Mail-Followup-To: "Rubens Kuhl Jr." <rkuhljr@uol.com.br>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <003a01bf0c23$98337100$5cf1e7c8@users.uol.com.br>
Errors-To: owner-nanog-outgoing@merit.edu
Most of us can't "ip verify unicast reverse-path" our upstreams.
- Jared
On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:
>
> > deny ip host 0.0.0.0 any log
> > deny ip 127.0.0.0 0.255.255.255 any log
> > deny ip 10.0.0.0 0.255.255.255 any log
> > deny ip 172.16.0.0 0.15.255.255 any log
> > deny ip 192.168.0.0 0.0.255.255 any log
> > deny ip xxx.xxx.xxx.0 0.0.0.255 any log
> > deny ip 224.0.0.0 31.255.255.255 any log
>
> Routing those networks to nul0 and turning 'ip verify unicast reverse-path'
> on CEF-enabled Cisco routers does this without CPU load or does not ?
>
>
>
> Rubens Kuhl Jr.
>
>
>
>
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
END OF LINE |
