Firewalls in service provider environments
Steve Bertrand
steve.bertrand at gmail.com
Wed Feb 8 03:20:13 UTC 2012
On 2012.02.07 20:47, Suresh Ramasubramanian wrote:
> On Wed, Feb 8, 2012 at 4:04 AM, George Bonser <gbonser at seven.com> wrote:
>> I typically also include traffic to/from:
>>
>> TCP/UDP port 0
>> 169.254.0.0/16
>> 192.0.2.0/24
>> 198.51.100.0/24
>> 203.0.113.0/24
>>
>> Been wondering if I should also block 198.18.0.0/15 as well.
>
> suresh at frodo 17:46:08 :~$ nslookup 1.113.0.203.bogons.cymru.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: 1.113.0.203.bogons.cymru.com
> Address: 127.0.0.2
>
> Also available as a bgp feed, for years now. Saves you updating your
> martian ACLs from time to time.
Amen. v4 and v6 lists are available via free BGP feed (via v4 and v6
peering) from Cymru. Dynamic simplicity within community's finest standards.
Works wonders for those who have s/RTBH deployed.
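
Added example, not part of the original thread: a Python sketch of the static filter the quoted messages describe (the listed prefixes plus TCP/UDP port 0), run over constructed flow records, together with the reversed-octet query name seen in the nslookup output. The flow record layout, the function names and the include_candidate switch are assumptions made for illustration; no DNS query is sent.

```python
import ipaddress

# Prefixes the quoted message lists as filtered.
THREAD_MARTIANS = [ipaddress.ip_network(p) for p in (
    "169.254.0.0/16", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# Raised in the thread only as a possible addition, so it is opt-in here.
CANDIDATE = ipaddress.ip_network("198.18.0.0/15")

def bogon_qname(addr, zone="bogons.cymru.com"):
    """Build the reversed-octet name used in the nslookup shown in the thread."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def classify(flow, include_candidate=False):
    """Return the reasons a flow would be dropped; an empty list means pass."""
    nets = THREAD_MARTIANS + ([CANDIDATE] if include_candidate else [])
    reasons = []
    for side in ("src", "dst"):
        ip = ipaddress.ip_address(flow[side])
        reasons += [f"{side} {ip} in {net}" for net in nets if ip in net]
    if flow["proto"] in ("tcp", "udp"):
        reasons += [f"{flow['proto']} {p} 0"
                    for p in ("sport", "dport") if flow[p] == 0]
    return reasons

# Constructed sample flows (hypothetical record layout, not captured traffic).
SAMPLE_FLOWS = [
    {"proto": "udp", "src": "8.8.8.8", "sport": 53000,
     "dst": "9.9.9.9", "dport": 53},
    {"proto": "tcp", "src": "203.0.113.1", "sport": 40000,
     "dst": "8.8.8.8", "dport": 80},
    {"proto": "udp", "src": "8.8.8.8", "sport": 0,
     "dst": "9.9.9.9", "dport": 0},
    {"proto": "tcp", "src": "198.19.0.7", "sport": 40001,
     "dst": "8.8.8.8", "dport": 443},
]

if __name__ == "__main__":
    print(bogon_qname("203.0.113.1"))
    for f in SAMPLE_FLOWS:
        print(f["src"], "->", f["dst"], classify(f) or "pass")
```

A static list like this needs manual upkeep, which is the maintenance burden the replies say the BGP feed removes.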