[c-nsp] dropping traffic for RFC3330 networks
Roy
r.engehausen at gmail.com
Mon Aug 28 19:13:03 EDT 2006
Jay Ford wrote:
> On Mon, 28 Aug 2006 lee.e.rian at census.gov wrote:
>
>> Are there any routes that should be added or removed from this list?
>>
>> ip route 0.0.0.0 255.0.0.0 null0
>> ip route 10.0.0.0 255.0.0.0 null0
>> ip route 127.0.0.0 255.0.0.0 null0
>> ip route 128.0.0.0 255.0.0.0 null0
>> ip route 169.254.0.0 255.255.0.0 null0
>> ip route 172.16.0.0 255.255.0.0 null0
>> ip route 191.255.0.0 255.255.0.0 null0
>> ip route 192.0.0.0 255.255.255.0 null0
>> ip route 192.0.2.0 255.255.255.0 null0
>> ip route 192.168.0.0 255.255.0.0 null0
>> ip route 198.18.0.0 255.254.0.0 null0
>> ip route 223.255.255.0 255.255.255.0 null0
>> ip route 240.0.0.0 240.0.0.0 null0
>>
>
> That list looks a bit broken to me.
>
> The "128.0.0.0 255.0.0.0" will kill many valid addresses (including mine).
> Perhaps it should be "128.0.0.0 255.255.0.0", so it just kills 128.0.0.0/16?
>
> The "172.16.0.0 255.255.0.0" should be "172.16.0.0 255.240.0.0".
>
> There might be other errors. Those are just the ones that jumped out at me.
>
> ________________________________________________________________________
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
> _______________________________________________
>
>
You should look to the list at http://www.cymru.com/Bogons/index.html
With a little bit of work you can automate 99-100% of the job. I have a
script that fetches a copy of this list daily and then runs a diff
against my stored copy. When it changes, I get an email with the diff
file and then make appropriate changes on my systems.
Roy
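
The daily comparison described above, sketched as an added example that is not part of the original post and is not Roy's script: it compares the `ip route ... null0` lines on a router against a reference bogon list and emits the IOS commands needed to reconcile them. The function names and both sample inputs are constructed for illustration; fetching the list and mailing the result are left out so the example runs offline.

```python
import ipaddress

def parse_bogons(text):
    """Parse a reference list: one CIDR prefix per line, '#' starts a comment."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # ip_network() raises ValueError if host bits are set, which
            # catches a corrupted or hand-edited reference file early.
            nets.add(ipaddress.ip_network(line))
    return nets

def parse_null_routes(config):
    """Extract prefixes from 'ip route <net> <mask> null0' config lines."""
    nets = set()
    for line in config.splitlines():
        f = line.split()
        if len(f) == 5 and f[:2] == ["ip", "route"] and f[4].lower() == "null0":
            nets.add(ipaddress.ip_network(f"{f[2]}/{f[3]}"))
    return nets

def route_changes(configured, reference):
    """Return IOS commands that bring the null routes in line with the reference."""
    cmds = [f"no ip route {n.network_address} {n.netmask} null0"
            for n in sorted(configured - reference)]
    cmds += [f"ip route {n.network_address} {n.netmask} null0"
             for n in sorted(reference - configured)]
    return cmds

# Constructed sample: a short reference list in CIDR form (not the real
# published list) and a router config containing the wrong 172.16.0.0 mask
# that was pointed out in the thread.
SAMPLE_REFERENCE = """\
# constructed sample reference list
10.0.0.0/8
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
"""
SAMPLE_CONFIG = """\
ip route 10.0.0.0 255.0.0.0 null0
ip route 172.16.0.0 255.255.0.0 null0
ip route 192.168.0.0 255.255.0.0 null0
"""

if __name__ == "__main__":
    for cmd in route_changes(parse_null_routes(SAMPLE_CONFIG),
                             parse_bogons(SAMPLE_REFERENCE)):
        print(cmd)
```

Review the generated commands before applying them, since a reference list that shrinks or fails to download completely would otherwise turn into a batch of `no ip route` lines.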