[c-nsp] dropping traffic for RFC3330 networks

Roy r.engehausen at gmail.com
Mon Aug 28 19:13:03 EDT 2006


Jay Ford wrote:
> On Mon, 28 Aug 2006 lee.e.rian at census.gov wrote:
>   
>> Are there any routes that should be added or removed from this list?
>>
>> ip route 0.0.0.0       255.0.0.0     null0
>> ip route 10.0.0.0      255.0.0.0     null0
>> ip route 127.0.0.0     255.0.0.0     null0
>> ip route 128.0.0.0     255.0.0.0     null0
>> ip route 169.254.0.0   255.255.0.0   null0
>> ip route 172.16.0.0    255.255.0.0   null0
>> ip route 191.255.0.0   255.255.0.0   null0
>> ip route 192.0.0.0     255.255.255.0 null0
>> ip route 192.0.2.0     255.255.255.0 null0
>> ip route 192.168.0.0   255.255.0.0   null0
>> ip route 198.18.0.0    255.254.0.0   null0
>> ip route 223.255.255.0 255.255.255.0 null0
>> ip route 240.0.0.0     240.0.0.0     null0
>>     
>
> That list looks a bit broken to me.
>
> The "128.0.0.0 255.0.0.0" will kill many valid addresses (including mine).
> Perhaps it should be "128.0.0.0 255.255.0.0", so it just kills 128.0.0.0/16?
>
> The "172.16.0.0 255.255.0.0" should be "172.16.0.0 255.240.0.0".
>
> There might be other errors.  Those are just the ones that jumped out at me.
>
> ________________________________________________________________________
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
> _______________________________________________
>
>   
You should look to the list at http://www.cymru.com/Bogons/index.html  
With a little bit of work you can automate 99-100% of the job.  I have a 
script that fetches a copy of this list daily and then runs a diff 
against my stored copy.  When it changes, I get an email with the diff 
file and then make appropriate changes on my systems.

Roy
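
The diff step described in the message above, as an added example that is not part of the original post or Roy's script: it compares a stored prefix list with a newly fetched one and prints the IOS static-route changes in the form used earlier in the thread. The one-prefix-per-line CIDR format with "#" comments and both sample lists are assumptions constructed for illustration; fetching and e-mailing are left out.

```python
import ipaddress

# Constructed sample data (not real bogon list contents): the stored copy and
# the newly fetched copy, one CIDR prefix per line, '#' starts a comment.
STORED = """\
# stored copy (constructed)
10.0.0.0/8
172.16.0.0/12
198.18.0.0/15
198.51.100.0/24
"""
FETCHED = """\
# fetched copy (constructed)
10.0.0.0/8
172.16.0.0/12
198.18.0.0/15
203.0.113.0/24
"""

def parse_prefixes(text):
    """Return the set of IPv4 networks in a prefix list, rejecting bad entries."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True raises ValueError when host bits are set, which
            # catches a prefix/mask mismatch such as 172.16.1.0/12.
            nets.add(ipaddress.IPv4Network(line, strict=True))
    return nets

def route_changes(stored_text, fetched_text):
    """Diff two prefix lists and return the IOS lines that apply the change."""
    old, new = parse_prefixes(stored_text), parse_prefixes(fetched_text)
    lines = []
    for net in sorted(old - new):  # prefix left the list: stop dropping it
        lines.append(f"no ip route {net.network_address} {net.netmask} null0")
    for net in sorted(new - old):  # prefix joined the list: start dropping it
        lines.append(f"ip route {net.network_address} {net.netmask} null0")
    return lines

if __name__ == "__main__":
    for line in route_changes(STORED, FETCHED):
        print(line)
```

Because the mask is derived from the prefix length, 172.16.0.0/12 comes out as 255.240.0.0, the correction Jay Ford gives in the quoted reply.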

