nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Network Operators and smurf

From: Christopher Neill <chrisn+spam () iagnet net>
Date: Fri, 24 Apr 1998 19:04:32 -0400
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:

At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote:


It's been my understanding that the knobs are in fact _not_ there,
Dean, but I'd be happy to be proven wrong.


On your outbound interface(s):

access-list 101 permit ip <yournet-1> any out
access-list 101 permit ip <yournet-2> any out
...
access-list 101 deny ip any any out

This allows only packets sourced from your networks to be sent.

Or, another perhaps better way is to only accept packets from your customer
networks which are sourced from those networks.  Each customer interface
then has an inbound filter the blocks everything not sourced from your
customers network.

              --Dean


And conversely, ..:

acce 102 deny ip <yournet> any
acce 102 perm ip any any
in s0
ip access-g 102 in

-- 
Christopher M Neill -- Network Operations
QualNet - We Make the Internet Work for Your Business.(sm)
DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566
http://www.qual.net
Previous By Date Next
Previous By Thread Next

Current thread: