[43412] in North American Network Operators' Group
Re: Filtering Best Practices, et al (Was Verio Peering, Gordon's
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Tue Oct 9 12:02:25 2001
Date: Tue, 9 Oct 2001 16:00:40 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: "Grant A. Kirkwood" <grant@virtical.net>
Cc: nanog@merit.edu
In-Reply-To: <3BC3108B.3C3FC383@virtical.net>
Message-ID: <Pine.LNX.4.20.0110091552440.4473-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> Date: Tue, 09 Oct 2001 07:58:19 -0700
> From: Grant A. Kirkwood <grant@virtical.net>
> I'm currently in the process of setting up a new border router,
> and the recent debate on the above topic got me wondering what
> the best practice filtering policy is? Is there one?
> And what do people put in place in terms of anti-spoofing ACLs
> and such? There's a wealth of information on these topics, but
> no real consensus.
+ If you're running BGP, filter your as-paths and netblocks to
avoid any unwanted redistribution. This is always a bad thing,
and long as-paths don't necessarily rule out a path being
taken; remember that local-pref overrides as-path length.
If it's an edge router, you needn't worry too much about prefix
length -- they're already filtered for you.
+ You want to prevent forged outbound packets. They have no
valid[1] use, and forged packets make tracing DoS attacks a
pain.
[1] I recall hearing that some satellite downlink Web service
required the ability to send packets from their netblock.
However, you can selectively allow these, as you would your own
netblock.
+ Disallow 10/8, 172.16/12, and 192.168/16 -- no need for them to
go anywhere.
Eddy
---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.
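The three filtering points Eddy lists (egress anti-spoofing with a selective exception for the footnote [1] case, dropping RFC 1918 space, and filtering what gets redistributed via BGP by prefix and AS path, plus the local-pref caveat) modelled as a small policy engine. This is an added example, not code from the message or from anyone on the list; the ASNs, netblocks and next hops are constructed documentation-range values, and the "customer" notion is an assumption added so the AS-path rule has something to permit besides the local ASN.

```python
import ipaddress

# Constructed sample policy for a hypothetical border router. Only the three
# RFC 1918 ranges come from the message; everything else is made up for the demo.
MY_ASN = 64500
CUSTOMER_ASNS = {64501}
OWN_NETBLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
CUSTOMER_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]
# Footnote [1] case: a service that must emit packets sourced from space we do
# not originate. It is allowed selectively, exactly like our own netblocks.
EXTRA_ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def addr_in(addr, nets):
    """True if the address falls inside any prefix in nets."""
    return any(addr in n for n in nets)


def prefix_in(prefix, nets):
    """True if the prefix lies entirely inside any prefix in nets."""
    return any(prefix.subnet_of(n) for n in nets)


def egress_verdict(src, dst):
    """Outbound packet filter: drop RFC 1918 space in either direction, then
    drop anything whose source is not space this router is responsible for
    (own blocks, customer blocks, or the explicitly allowed exceptions)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if addr_in(s, RFC1918) or addr_in(d, RFC1918):
        return "deny rfc1918"
    if not addr_in(s, OWN_NETBLOCKS + CUSTOMER_NETBLOCKS + EXTRA_ALLOWED_SOURCES):
        return "deny spoofed-source"
    return "permit"


def export_verdict(prefix, as_path):
    """Outbound BGP filter: announce only prefixes we or our customers hold,
    and only along AS paths built from our ASN and customer ASNs, so a route
    learned from a peer or transit provider is never redistributed."""
    p = ipaddress.ip_network(prefix)
    if not prefix_in(p, OWN_NETBLOCKS + CUSTOMER_NETBLOCKS):
        return "deny prefix-not-ours"
    if not set(as_path) <= (CUSTOMER_ASNS | {MY_ASN}):
        return "deny foreign-as-path"
    return "permit"


def best_path(routes):
    """The decision step the message warns about: LOCAL_PREF is compared
    before AS_PATH length, so a long path with a higher local-pref still wins.
    routes: list of (next_hop, local_pref, as_path); returns the next hop."""
    return max(routes, key=lambda r: (r[1], -len(r[2])))[0]


if __name__ == "__main__":
    # Constructed outbound packets: (source, destination)
    for pkt in [("198.51.100.7", "192.0.2.200"), ("10.1.2.3", "192.0.2.200"),
                ("198.51.100.7", "192.168.1.1"), ("100.64.0.9", "192.0.2.200"),
                ("192.0.2.5", "192.0.2.200")]:
        print(pkt, "->", egress_verdict(*pkt))
    # Constructed candidate announcements: (prefix, as_path)
    for ann in [("198.51.100.0/24", [64500]), ("203.0.113.0/24", [64500, 64501]),
                ("198.51.100.0/24", [64500, 65000]), ("192.0.2.0/24", [64500])]:
        print(ann, "->", export_verdict(*ann))
    print(best_path([("192.0.2.1", 100, [65000]),
                     ("192.0.2.2", 200, [65001, 65002, 65003])]))
```

The AS-path rule is deliberately conservative: a customer's own downstream ASN would also have to be added to CUSTOMER_ASNS before its routes pass, which is the usual price of an explicit allow-list on a border.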