Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Martian list of IP's to block???

  • From: Jared Mauch
  • Date: Fri Oct 01 12:26:37 1999

	Most of us can't "ip verify unicast reverse-path" our upstreams.

	- Jared

On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:
> 
> >     deny   ip host 0.0.0.0 any log
> >     deny   ip 127.0.0.0 0.255.255.255 any log
> >     deny   ip 10.0.0.0 0.255.255.255 any log
> >     deny   ip 172.16.0.0 0.15.255.255 any log
> >     deny   ip 192.168.0.0 0.0.255.255 any log
> >     deny   ip xxx.xxx.xxx.0 0.0.0.255 any log
> >     deny   ip 224.0.0.0 31.255.255.255 any log
> 
> Routing those networks to nul0 and turning 'ip verify unicast reverse-path'
> on CEF-enabled Cisco routers does this without CPU load or does not ?
> 
> 
> 
> Rubens Kuhl Jr.
> 
> 
> 
> 

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.