nanog mailing list archives

Re: route filtering in large networks

From: "Christopher L. Morrow" <chris () UU NET>
Date: Thu, 13 Mar 2003 06:50:23 +0000 (GMT)



On Wed, 12 Mar 2003, Jack Bates wrote:


From: "Michael K. Smith"


Check out http://www.cymru.com/Documents/secure-ios-template.html

All of the various Bogons, including unassigned ranges, are represented

with

a route to null0.

Nice, although it doesn't explain the purpose of having the routes if you
have an acl. To keep viruses from attempting to contact bogons? To stop your
internal network from surfing the bogon web which can't reply back anyways?


I didn't look at the template recently, but I recall something like: route
instead of acl... so allow the traffic in and kill it on the way out.
Alternately, with uRPF inbound it'll kill the traffic on the inbound since
the destination for the packet (source in this case) is invalid.

Current thread:

Re: Put part of Google on 69/8 (was Re: 69/8...this sucks), (continued)
- - - Re: Put part of Google on 69/8 (was Re: 69/8...this sucks) Adam Rothschild (Mar 11)
    - Re: Put part of Google on 69/8 (was Re: 69/8...this sucks) Greg Maxwell (Mar 12)
    - Re: Put part of Google on 69/8 (was Re: 69/8...this sucks) JC Dill (Mar 12)
    - gender and nanog Randy Bush (Mar 12)
    - route filtering in large networks Andy Dills (Mar 12)
    - Re: route filtering in large networks Richard A Steenbergen (Mar 12)
    - Re: route filtering in large networks Jack Bates (Mar 12)
    - RE: route filtering in large networks Michael K. Smith (Mar 12)
    - Re: route filtering in large networks Jack Bates (Mar 12)
    - Re: route filtering in large networks Peter E. Fry (Mar 12)
    - Re: route filtering in large networks Christopher L. Morrow (Mar 12)
    - Re: route filtering in large networks Rob Thomas (Mar 12)
    - Re: route filtering in large networks Randy Bush (Mar 12)
    - Re: route filtering in large networks E.B. Dreger (Mar 13)
    - Re: route filtering in large networks Lars Erik Gullerud (Mar 13)
    - Re: route filtering in large networks Alan Hannan (Mar 12)
    - Re: route filtering in large networks Randy Bush (Mar 12)
    - Re: route filtering in large networks Andy Dills (Mar 12)
    - Re: route filtering in large networks Randy Bush (Mar 13)
    - Re: route filtering in large networks Dorian Kim (Mar 13)
    - Re: route filtering in large networks Stephen Sprunk (Mar 13)

(Thread continues...)