North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Martian list of IP's to block???
- From: Jared Mauch
- Date: Fri Oct 01 12:26:37 1999
Most of us can't "ip verify unicast reverse-path" our upstreams.
On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:
> > deny ip host 0.0.0.0 any log
> > deny ip 127.0.0.0 0.255.255.255 any log
> > deny ip 10.0.0.0 0.255.255.255 any log
> > deny ip 172.16.0.0 0.15.255.255 any log
> > deny ip 192.168.0.0 0.0.255.255 any log
> > deny ip xxx.xxx.xxx.0 0.0.0.255 any log
> > deny ip 18.104.22.168 22.214.171.124 any log
> Routing those networks to nul0 and turning 'ip verify unicast reverse-path'
> on CEF-enabled Cisco routers does this without CPU load or does not ?
> Rubens Kuhl Jr.
Jared Mauch | pgp key available via finger from firstname.lastname@example.org
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
END OF LINE |