Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 10/8 announced ?

  • From: Stephen Stuart
  • Date: Thu Jul 11 01:33:11 1996

> 10/8 gets announced at least once a day by someone somewhere. Really.
> 
> So what else is new? Smart providers explicitly filter RFC-1918 address
> space.  ;-)

In response to an appearance in May of some 192.168/16 prefixes, Paul
Vixie sent this to the NANOG list. I wrote up a gated analogue for
Digital's border routers; if anyone wants one, send me mail.

> Message-Id: <9605230534.AA26573@wisdom.home.vix.com>
> To: nanog@merit.edu
> Subject: Re: RFC 1597 
> Date: Wed, 22 May 1996 22:34:17 -0700
> From: Paul A Vixie <paul@vix.com>
> 
> > *> 192.168.22.0     144.228.71.5    0 1239 1800 1804 1128 1955 3337 ?
> > *> 192.168.100.0/22 144.228.71.5    0 1239 1794 ?
> > *> 192.168.216.0    144.228.71.5    0 1239 1800 1755 1273 ?
> > 
> > Shame on you 3337, 1794 and 1273.
> 
> Indeed.  Since it's not my turn to be at fault for this kind of thing tonight,
> I guess I'll chime in with a copy of some useful goodies that Andrew Partan
> bestowed upon me last time CIX was caught advertising something bad:
> 
> router bgp xxxx
>  neighbor y.y.y.y remote-as zzzz
>  neighbor y.y.y.y distribute-list 100 in
>  neighbor y.y.y.y distribute-list 101 out
> 
> access-list 100 deny   ip host 0.0.0.0 any
> access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
> access-list 100 deny   ip any 255.255.255.128 0.0.0.127
> access-list 100 permit ip any any
> 
> access-list 101 deny   ip host 0.0.0.0 any
> access-list 101 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 101 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 101 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 101 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
> access-list 101 deny   ip any 255.255.255.128 0.0.0.127
> access-list 101 permit ip any any
> 
> These are currently identical, but they're split into separate access-list's
> in case the sending restrictions and the receiving restrictions ever have
> cause to differ.
> 
> Note that everybody who's anybody uses peer groups rather than duplicating
> this for every peer, but I'm the wrong person to try to explain peer groups
> so the above was intentionally kept at my "grunt, poke, listen" level.

Stephen
- -----
Stephen Stuart				stuart@pa.dec.com
Network Systems Laboratory
Digital Equipment Corporation
- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.