Re: 10-space is L..A..R..G..E

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

Valdis Kletnieks wrote:
> Sane routing protocols do a longest-match. So you just inject all your
> *proper* 10.1.1/24 and 10.1.2/24 and other actual subnets - and then inject
> a route for 10/8 that lists your Snort sensor as "next-hop" :)

We do this on our /16  our routers have a route for 130.216/16  that
points to one of my sensors so I automatically collect all traffic that
isn't explicitly routed anywhere.   It's a great way to find infected
machines and curious students ;)  Not to mention old printer queues and
all sorts of other misconfigurations.

Russell.