Martian list of IP's to block???
Jared Mauch
jared at puck.Nether.net
Fri Oct 1 16:22:33 UTC 1999
Most of us can't "ip verify unicast reverse-path" our upstreams.
- Jared
On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:
>
> > deny ip host 0.0.0.0 any log
> > deny ip 127.0.0.0 0.255.255.255 any log
> > deny ip 10.0.0.0 0.255.255.255 any log
> > deny ip 172.16.0.0 0.15.255.255 any log
> > deny ip 192.168.0.0 0.0.255.255 any log
> > deny ip xxx.xxx.xxx.0 0.0.0.255 any log
> > deny ip 224.0.0.0 31.255.255.255 any log
>
> Routing those networks to nul0 and turning 'ip verify unicast reverse-path'
> on CEF-enabled Cisco routers does this without CPU load or does not ?
>
>
>
> Rubens Kuhl Jr.
>
>
>
>
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
END OF LINE |
More information about the NANOG
mailing list