[c-nsp] dropping traffic for RFC3330 networks
lee.e.rian at census.gov
lee.e.rian at census.gov
Tue Aug 29 00:20:21 EDT 2006
Hi Mike,
I had a couple of mistakes in the list - here's a corrected copy
ip route 0.0.0.0 255.0.0.0 null0
ip route 10.0.0.0 255.0.0.0 null0
ip route 127.0.0.0 255.0.0.0 null0
ip route 128.0.0.0 255.255.0.0 null0
ip route 169.254.0.0 255.255.0.0 null0
ip route 172.16.0.0 255.240.0.0 null0
ip route 191.255.0.0 255.255.0.0 null0
ip route 192.0.0.0 255.255.255.0 null0
ip route 192.0.2.0 255.255.255.0 null0
ip route 192.168.0.0 255.255.0.0 null0
ip route 198.18.0.0 255.254.0.0 null0
ip route 223.255.255.0 255.255.255.0 null0
ip route 240.0.0.0 240.0.0.0 null0
"Michael K. Smith" <mksmith at adhost.com> wrote on 08/28/2006 07:07:51 PM:
> Check out http://www.cymru.com/Documents/bogon-dd.html for an updated
list
> of all the bogons in various forms (decimal, Cisco ACL, etc.)
I did - and didn't see things like 128.0.0.0/16 and 192.0.0.0/24 which I
don't think are valid Internet addresses.
> The only
> caveat is you want to keep abreast of when changes are made by the
various
> Registrars to add announcements to the global routing tables. If you
don't
> keep abreast you can end up blackholing legitimate traffic.
I'd rather not put us in a position where someone would have to monitor
net.block assignments to keep the list up to date. My guess is that we'll
all be using IPv6 before anything on my list becomes a valid Internet
destination address.
Thanks,
Lee
More information about the cisco-nsp
mailing list