Educause Security Discussion mailing list archives
Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 30 Apr 2007 10:45:59 -0400
Buz Dale wrote:
Maybe instead of using the whole 10.0.0.0 you only route the smaller class "c"s that are assigned. Then you could drop anything to or from the address ranges that aren't assigned.
Precisely. Install a lowest-priority static null route to 10.0.0.0/8 at your core. Actual live, legitimately advertised subnets will override the null. Rogues go in the bit bucket. Jeff
Current thread:
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Buz Dale (Apr 30)
- <Possible follow-ups>
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Clifford Collins (Apr 30)
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Jeff Kell (Apr 30)
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Glenn Forbes Fleming Larratt (Apr 30)
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Jeff Kell (Apr 30)
- Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide? Valdis Kletnieks (May 01)