ARIN to Allocate from

Richard Steenbergen ras at
Wed Nov 10 18:38:12 UTC 1999

On Wed, Nov 10, 1999 at 12:01:54PM -0500, Kai Schlichting wrote:
> At 11:50 AM 11/10/99 -0500, Richard A Steenbergen <ras at> wrote:
> >I might almost be happy, except this breaks the oh-so-nice filter of
> > at borders (effectively reduces random src spoofed attacks
> >by 25%, and covers as well). Go ARIN. </sarcasm>
> One line becomes two in your ACL ? 
> ip permit
> ip deny 
> The CPU loss for one more ACL line is probably offsetting the gains of
> spoofed traffic pretty well. That will even scale for a little while,
> at least for /9 and /10 in the permit line, before you seriously have
> to think about how much still-unallocated space you will gratuitously allow
> through your ACL.

Reality is it's not that simple. If you are doing any other filters that
might catch on, you'll need to drop those lines down to the
end. Besides the obvious goal of cutting spoofed traffic, one of the
primary uses of this kind of filter (for myself at any rate) is to save
CPU when dealing with small packet high packet/sec random src attacks.
It's not the end of the world, but it's annoying and does not help
matters any. *grumble*

Richard A Steenbergen <ras at>
PGP Key ID: 0x60AB0AD1  (E5 35 10 1D DE 7D 8C A7  09 1C 80 8B AF B9 77 BB)
AboveNet Communications - AboveSecure Network Security Engineer, Vienna VA
