Network Operators and smurf

Christopher Neill chrisn+spam at iagnet.net
Fri Apr 24 23:04:32 UTC 1998


On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
> At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote:
> 
> >It's been my understanding that the knobs are in fact _not_ there,
> >Dean, but I'd be happy to be proven wrong.
> 
> On your outbound interface(s):
> 
> access-list 101 permit ip <yournet-1> any out
> access-list 101 permit ip <yournet-2> any out
> ...
> access-list 101 deny ip any any out
> 
> This allows only packets sourced from your networks to be sent.
> 
> Or, another perhaps better way is to only accept packets from your customer
> networks which are sourced from those networks.  Each customer interface
> then has an inbound filter the blocks everything not sourced from your
> customers network.
> 
> 		--Dean

And conversely, ..:

acce 102 deny ip <yournet> any
acce 102 perm ip any any
in s0
ip access-g 102 in

-- 
Christopher M Neill -- Network Operations
QualNet - We Make the Internet Work for Your Business.(sm)
DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566
http://www.qual.net



More information about the NANOG mailing list