Educause Security Discussion mailing list archives
Re: 10-space is L..A..R..G..E
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Tue, 1 May 2007 14:25:35 -0700
Valdis Kletnieks wrote:
Sane routing protocols do a longest-match. So you just inject all your *proper* 10.1.1/24 and 10.1.2/24 and other actual subnets - and then inject a route for 10/8 that lists your Snort sensor as "next-hop" :)
We do this on our /16 our routers have a route for 130.216/16 that points to one of my sensors so I automatically collect all traffic that isn't explicitly routed anywhere. It's a great way to find infected machines and curious students ;) Not to mention old printer queues and all sorts of other misconfigurations. Russell.
Current thread:
- Re: 10-space is L..A..R..G..E Russell Fulton (May 01)
- <Possible follow-ups>
- Re: 10-space is L..A..R..G..E Russell Fulton (May 01)