nanog mailing list archives
NSA's recommendation for classfull routing (was Re: IP address fee??)
From: Sean Donelan <sean () donelan com>
Date: Fri, 6 Sep 2002 18:01:57 -0400 (EDT)
On Fri, 6 Sep 2002, Iljitsch van Beijnum wrote:

> Ok, if I connect to their network I'll remove "ip subnet-zero" and "ip classless" from my configs to revert to the defaults that still reflect the pre-1993 state of affairs, but if they want to connect to "our" network, they should play nice and follow the rules we use here.

The National Security Agency has issued the following principles and guidance for security configuration of IP routers, with detailed instructions for Cisco System routers. A brief passage from the document:

    By default, a Cisco router will make an attempt to route almost any IP packet. If a packet arrives addressed to a subnet of a network that has no default network route, then IOS will, with IP classless routing, forward the packet along the best available route to a supernet of the addressed subnet. This feature is often not needed. On routers where IP classless routing is not needed, disable it as shown below.

    Central# config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Central(config)# no ip classless
    Central(config)# exit

http://nsa2.www.conxion.com/cisco/download.htm

Geez, people are worried about the NSA tapping the Internet. How about worrying about the NSA connecting misconfigured routers to the Internet? Yes, even the NSA has bad network days. They just don't like to talk about it.
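What the quoted `no ip classless` setting changes in a forwarding decision, as an added example (not part of the original post or of the NSA guide). It is a simplified model of the lookup rule, not IOS code; the prefixes and interface names are constructed.

```python
import ipaddress

def classful_network(addr):
    """Return the pre-CIDR (class A/B/C) major network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError("class D/E address has no major network")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def lookup(table, dst, classless):
    """Return the outgoing interface for dst, or None if the packet is dropped."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, out) for net, out in table if dst in net]
    if not matches:
        return None
    best_net, best_out = max(matches, key=lambda r: r[0].prefixlen)
    if classless:
        return best_out                  # plain longest-prefix match
    # Classful rule: if any part of the destination's major network is in
    # the table, only routes inside that major network may be used. A
    # supernet or default route is ignored and the packet is dropped.
    major = classful_network(dst)
    major_known = any(net.subnet_of(major) for net, _ in table)
    if major_known and best_net.prefixlen < major.prefixlen:
        return None
    return best_out

# Constructed routing table: two known subnets, one supernet, one default.
TABLE = [(ipaddress.ip_network(p), out) for p, out in [
    ("10.1.0.0/16", "Serial0"),      # subnet of major network 10.0.0.0/8
    ("172.20.1.0/24", "Ethernet0"),  # subnet of major network 172.20.0.0/16
    ("172.16.0.0/12", "Ethernet1"),  # supernet covering 172.20.0.0/16
    ("0.0.0.0/0", "Serial1"),        # default route
]]

if __name__ == "__main__":
    for dst in ("10.1.5.5", "10.2.3.4", "172.20.9.9", "192.0.2.9"):
        print(dst, "classless:", lookup(TABLE, dst, True),
              "| no ip classless:", lookup(TABLE, dst, False))
```

With the classful rule, 10.2.3.4 and 172.20.9.9 are dropped even though a default route and a covering supernet exist, which is the behaviour the post calls a misconfiguration for a router attached to the Internet.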