[c-nsp] Bogon Filter - Least Resource/CPU intensive method?
Whisper
whisper555 at gmail.com
Wed Mar 5 02:32:30 EST 2008
Which is the prefered method for blocking bogons on the Internet & why? Is
the prefered solution sometimes hardware specific?
Something like this:
ip route 10.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.0.0.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
or something like this:
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
I know this list example is not complete, its been heavily edited for
brevity.
Up to date bogon lists can be found here:
http://www.cymru.com/Documents/bogon-list.html
Thanks
More information about the cisco-nsp
mailing list