[c-nsp] Access-list Question
Gert Doering
gert at greenie.muc.de
Tue May 15 09:49:45 EDT 2007
Hi,
On Tue, May 15, 2007 at 02:43:09PM +0100, Tim Franklin wrote:
> To borrow a phrase, I would encourage my competition to design solutions
> based around non-contiguous wildmasks :)
Been that, done that, found it useful
deny ip any 195.30.0.255 0.0.255.0
- drop packets to all .255 addresses inside our /16 (anti-smurf).
But admittedly this is a rare case (and could probably go away today,
given that we see far less probes for that, and that most networks
have turned off directed-broadcasts these days)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list