nanog mailing list archives

Re: Martian list of IP's to block???


From: Jared Mauch <jared () puck Nether net>
Date: Fri, 1 Oct 1999 12:22:33 -0400


        Most of us can't "ip verify unicast reverse-path" our upstreams.

        - Jared

On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:

    deny   ip host 0.0.0.0 any log
    deny   ip 127.0.0.0 0.255.255.255 any log
    deny   ip 10.0.0.0 0.255.255.255 any log
    deny   ip 172.16.0.0 0.15.255.255 any log
    deny   ip 192.168.0.0 0.0.255.255 any log
    deny   ip xxx.xxx.xxx.0 0.0.0.255 any log
    deny   ip 224.0.0.0 31.255.255.255 any log

Does routing those networks to null0 and turning on 'ip verify unicast reverse-path'
on CEF-enabled Cisco routers do this without CPU load, or not?



Rubens Kuhl Jr.





-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |
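
An added example, not part of either poster's message: the quoted deny entries use Cisco wildcard (inverse) masks, and this sketch converts them to prefixes so the list can be reviewed and checked against source addresses. The function names and the sample addresses are constructed for illustration; the `xxx.xxx.xxx.0` placeholder line is skipped rather than guessed at.

```python
import ipaddress

# The deny entries quoted in the message. The xxx.xxx.xxx.0 line is a
# site-specific placeholder in the original and is skipped by the parser.
ACL = """\
deny   ip host 0.0.0.0 any log
deny   ip 127.0.0.0 0.255.255.255 any log
deny   ip 10.0.0.0 0.255.255.255 any log
deny   ip 172.16.0.0 0.15.255.255 any log
deny   ip 192.168.0.0 0.0.255.255 any log
deny   ip xxx.xxx.xxx.0 0.0.0.255 any log
deny   ip 224.0.0.0 31.255.255.255 any log
"""

def wildcard_to_network(base, wildcard):
    """Convert a contiguous Cisco wildcard mask to an ip_network."""
    inverse = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**n - 1; anything else has no single prefix.
    if inverse & (inverse + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix_len = 32 - inverse.bit_length()
    # strict=True rejects a base address that has bits set under the wildcard.
    return ipaddress.ip_network(f"{base}/{prefix_len}", strict=True)

def parse_acl(text):
    """Return the source networks of 'deny ip <source> any' entries."""
    nets = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["deny", "ip"]:
            continue
        try:
            if tok[2] == "host":
                nets.append(ipaddress.ip_network(tok[3] + "/32"))
            else:
                nets.append(wildcard_to_network(tok[2], tok[3]))
        except ValueError:
            continue  # placeholder or malformed entry
    return nets

def first_match(src, nets):
    """Return the first listed network containing src, or None (no deny)."""
    addr = ipaddress.ip_address(src)
    return next((n for n in nets if addr in n), None)

MARTIANS = parse_acl(ACL)

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ["10.1.2.3", "172.31.255.254", "172.32.0.1", "240.0.0.1"]:
        print(src, "->", first_match(src, MARTIANS) or "no match")
```

The last entry's wildcard `31.255.255.255` works out to 224.0.0.0/3, so it covers everything from 224.0.0.0 upward, not only 224.0.0.0/4.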


