[25738] in North American Network Operators' Group


Re: ARIN to Allocate from 64.0.0.0/8

daemon@ATHENA.MIT.EDU (Kai Schlichting)
Wed Nov 10 12:10:32 1999

Message-Id: <4.2.1.19991110115739.00ccf140@mail.speedus.net>
Date: Wed, 10 Nov 1999 12:01:54 -0500
To: nanog@merit.edu
From: Kai Schlichting <kai@pac-rim.net>
In-Reply-To: <19991110115057.B2046@above.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu


At 11:50 AM 11/10/99 -0500, Richard A Steenbergen <ras@above.net> wrote:

>I might almost be happy, except this breaks the oh-so-nice filter of
>64.0.0.0/2 at borders (effectively reduces random src spoofed attacks
>by 25%, and covers 127.0.0.0/8 as well). Go ARIN. </sarcasm>

One line becomes two in your ACL?
ip permit 64.0.0.0/8
ip deny 64.0.0.0/2 

The CPU loss for one more ACL line is probably offsetting the gains of
spoofed traffic pretty well. That will even scale for a little while,
at least for /9 and /10 in the permit line, before you seriously have
to think about how much still-unallocated space you will gratuitously allow
through your ACL.

bye,Kai
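
Added example, not part of the original message: a first-match evaluation in Python of the two-entry ACL sketched above, showing which source addresses it drops and how much of the IPv4 space stays filtered once 64.0.0.0/8 is permitted. The sample source addresses and the default-permit fallback for everything outside 64.0.0.0/2 are assumptions.

```python
import ipaddress

# Ordered ACL as sketched in the message; the first matching entry wins.
ACL = [
    ("permit", ipaddress.ip_network("64.0.0.0/8")),
    ("deny", ipaddress.ip_network("64.0.0.0/2")),
]
DEFAULT = "permit"  # assumption: sources outside 64.0.0.0/2 fall through to a permit


def evaluate(acl, src, default=DEFAULT):
    """Return the action of the first ACL entry whose network contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return default


def denied_fraction(acl):
    """Fraction of the IPv4 source space that the ACL denies, honouring order."""
    denied = 0
    seen = []  # networks already claimed by earlier entries
    for action, net in acl:
        remaining = [net]
        for prev in seen:
            nxt = []
            for r in remaining:
                if r.subnet_of(prev):
                    continue  # fully shadowed by an earlier entry
                if prev.subnet_of(r):
                    nxt.extend(r.address_exclude(prev))  # carve out the earlier match
                else:
                    nxt.append(r)  # CIDR blocks nest or are disjoint
            remaining = nxt
        if action == "deny":
            denied += sum(r.num_addresses for r in remaining)
        seen.append(net)
    return denied / 2 ** 32


if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("64.1.2.3", "100.0.0.1", "127.0.0.1", "192.0.2.1"):
        print(f"{src:<12} {evaluate(ACL, src)}")
    print("denied share of IPv4 space:", denied_fraction(ACL))
    # Reversing the entries shadows the permit line entirely.
    print("reversed order:", denied_fraction(list(reversed(ACL))))
```
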


