nanog mailing list archives
Re: Filtering Best Practices, et al (Was Verio Peering, Gordon's Knot)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Tue, 9 Oct 2001 16:00:40 +0000 (GMT)
Date: Tue, 09 Oct 2001 07:58:19 -0700
From: Grant A. Kirkwood <grant () virtical net>
I'm currently in the process of setting up a new border router, and the recent debate on the above topic got me wondering what the best practice filtering policy is? Is there one?
And what do people put in place in terms of anti-spoofing ACLs and such? There's a wealth of information on these topics, but no real consensus.
+ If you're running BGP, filter your as-paths and netblocks to avoid any unwanted redistribution. This is always a bad thing, and long as-paths don't necessarily rule out a path being taken; remember that local-pref overrides as-path length. If it's an edge router, you needn't worry too much about prefix length -- they're already filtered for you.

+ You want to prevent forged outbound packets. They have no valid[1] use, and forged packets make tracing DoS attacks a pain.

  [1] I recall hearing that some satellite downlink Web service required the ability to send packets from their netblock. However, you can selectively allow these, as you would your own netblock.

+ Disallow 10/8, 172.16/12, and 192.168/16 -- no need for them to go anywhere.

Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.
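The egress rules from the message above, written as a vendor-neutral decision function and run over a few flows. This is an added example, not part of the original post. The netblocks are assumptions (documentation prefixes stand in for real allocations), and the function and variable names are hypothetical.

```python
import ipaddress

# RFC 1918 private space, as listed in the post.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed values: documentation prefixes stand in for real allocations.
OWN_NETBLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
# Foreign sources allowed on purpose (the footnote's satellite-downlink case).
EXTRA_ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/25")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def egress_verdict(src, dst):
    """Return (action, reason) for a packet leaving through the border router."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Private space is checked first so it is dropped in either direction field.
    if _in_any(src_ip, RFC1918) or _in_any(dst_ip, RFC1918):
        return ("deny", "rfc1918")
    if _in_any(src_ip, OWN_NETBLOCKS):
        return ("permit", "own-netblock")
    if _in_any(src_ip, EXTRA_ALLOWED_SOURCES):
        return ("permit", "selectively-allowed")
    # Anything else claims a source this network does not hold.
    return ("deny", "forged-source")


def audit(flows):
    """Count verdicts over (src, dst) pairs, e.g. to size what a new ACL drops."""
    counts = {}
    for src, dst in flows:
        verdict = egress_verdict(src, dst)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample flows (src, dst); not taken from any real capture.
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10"),   # normal outbound traffic
    ("10.1.2.3", "192.0.2.10"),       # private source leaking out
    ("198.51.100.9", "172.16.5.5"),   # private destination
    ("203.0.113.20", "192.0.2.10"),   # inside the allowed exception
    ("203.0.113.200", "192.0.2.10"),  # outside the /25 exception
    ("192.0.2.99", "198.51.100.1"),   # source not held by this network
]

if __name__ == "__main__":
    for verdict, count in sorted(audit(SAMPLE_FLOWS).items()):
        print(verdict, count)
```
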