[c-nsp] dropping traffic for RFC3330 networks

Michael K. Smith mksmith at adhost.com
Mon Aug 28 19:07:51 EDT 2006


Hello lee:


On 8/28/06 2:24 PM, "lee.e.rian at census.gov" <lee.e.rian at census.gov> wrote:

> 
> Hi All,
> 
> Instead of forwarding traffic with invalid destination addresses to our ISP
> I'd prefer to send it to the bit bucket.
> 
> I know about the bogon list (http://www.cymru.com/Documents/bogon-dd.html)
> but I don't want to have to update our list of networks to black-hole.
> What I'm looking for is a list of networks that most probably never will be
> valid Internet destination addresses.
> 
> Are there any routes that should be added or removed from this list?
> 
> ip route 0.0.0.0       255.0.0.0     null0
> ip route 10.0.0.0      255.0.0.0     null0
> ip route 127.0.0.0     255.0.0.0     null0
> ip route 128.0.0.0     255.0.0.0     null0
> ip route 169.254.0.0   255.255.0.0   null0
> ip route 172.16.0.0    255.255.0.0   null0
> ip route 191.255.0.0   255.255.0.0   null0
> ip route 192.0.0.0     255.255.255.0 null0
> ip route 192.0.2.0     255.255.255.0 null0
> ip route 192.168.0.0   255.255.0.0   null0
> ip route 198.18.0.0    255.254.0.0   null0
> ip route 223.255.255.0 255.255.255.0 null0
> ip route 240.0.0.0     240.0.0.0     null0

Check out http://www.cymru.com/Documents/bogon-dd.html for an updated list
of all the bogons in various forms (decimal, Cisco ACL, etc.). The only
caveat is you want to keep abreast of when changes are made by the various
Registrars to add announcements to the global routing tables.  If you don't
keep abreast you can end up blackholing legitimate traffic.

Regards,

Mike
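
Added example, not part of either message in this thread: a Python check that compares `ip route ... null0` statements with the RFC 3330 blocks they are meant to cover, so that a mask wider than the reserved block (the blackholing risk mentioned above) is flagged before deployment. The block list is a hand-typed subset of the RFC 3330 table, the sample input is five of the routes quoted above, and the function names are hypothetical.

```python
import ipaddress

# Blocks from the RFC 3330 summary table that the posted list targets
# (a subset of that table, typed in here as an assumption of this example).
RFC3330_BLOCKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16",
    "169.254.0.0/16", "172.16.0.0/12", "191.255.0.0/16", "192.0.0.0/24",
    "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "223.255.255.0/24", "240.0.0.0/4",
)]

# Sample input: five of the routes from the post, copied as written.
SAMPLE_CONFIG = """\
ip route 10.0.0.0      255.0.0.0     null0
ip route 128.0.0.0     255.0.0.0     null0
ip route 172.16.0.0    255.255.0.0   null0
ip route 198.18.0.0    255.254.0.0   null0
ip route 240.0.0.0     240.0.0.0     null0
"""

def parse_null_routes(config):
    """Return the prefixes of all 'ip route <net> <mask> null0' lines."""
    routes = []
    for line in config.splitlines():
        f = line.split()
        if len(f) >= 5 and f[:2] == ["ip", "route"] and f[4].lower() == "null0":
            # ip_network accepts net/mask form and raises ValueError when the
            # address has bits set outside the mask.
            routes.append(ipaddress.ip_network(f"{f[2]}/{f[3]}"))
    return routes

def audit(routes, reference=RFC3330_BLOCKS):
    """Classify each null route as exact, too-broad, too-narrow or unlisted."""
    findings = []
    for r in routes:
        inner = next((b for b in reference if b.subnet_of(r)), None)
        outer = next((b for b in reference if r.subnet_of(b)), None)
        if r in reference:
            findings.append((str(r), "exact", str(r)))
        elif inner is not None:   # route also drops space outside the block
            findings.append((str(r), "too-broad", str(inner)))
        elif outer is not None:   # route covers only part of the block
            findings.append((str(r), "too-narrow", str(outer)))
        else:
            findings.append((str(r), "unlisted", None))
    return findings

if __name__ == "__main__":
    for route, verdict, block in audit(parse_null_routes(SAMPLE_CONFIG)):
        print(f"{route:18} {verdict:10} {block}")
```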


