[c-nsp] Bogon Filter - Least Resource/CPU intensive method?

Whisper whisper555 at gmail.com
Wed Mar 5 02:32:30 EST 2008


Which is the preferred method for blocking bogons on the Internet & why? Is
the preferred solution sometimes hardware specific?

Something like this:

ip route 10.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.0.0.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0

or something like this:

access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 169.254.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any

I know this list example is not complete, it's been heavily edited for
brevity.

Up-to-date bogon lists can be found here:
http://www.cymru.com/Documents/bogon-list.html

Thanks
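
Added example, not part of the original post: a Python sketch that renders both forms shown above from a single CIDR prefix list, so the null-route and ACL variants stay in sync when the bogon list changes. The function names and the sample input (the five prefixes from the post, rewritten in CIDR form) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the five prefixes from the post, in CIDR form.
SAMPLE_PREFIXES = [
    "10.0.0.0/8",
    "127.0.0.0/8",
    "169.254.0.0/16",
    "172.16.0.0/12",
    "192.168.0.0/16",
]


def parse_prefixes(lines):
    """Parse CIDR lines, skipping blanks and '#' comments.

    Raises ValueError for a prefix with host bits set (e.g. 10.1.0.0/8) or
    a non-IPv4 prefix, so a typo never turns into a wrong filter entry.
    """
    nets = []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        net = ipaddress.ip_network(text, strict=True)
        if net.version != 4:
            raise ValueError(f"not an IPv4 prefix: {text}")
        nets.append(net)
    # Merge adjacent or overlapping prefixes so the device carries fewer entries.
    return list(ipaddress.collapse_addresses(nets))


def null_routes(nets):
    """Static routes to Null0: discard packets whose destination is in the prefix."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in nets]


def acl_lines(nets, acl_id=101):
    """Extended ACL entries: match packets whose source is in the prefix."""
    return [
        f"access-list {acl_id} deny   ip {n.network_address} {n.hostmask} any"
        for n in nets
    ]


if __name__ == "__main__":
    prefixes = parse_prefixes(SAMPLE_PREFIXES)
    print("\n".join(null_routes(prefixes) + [""] + acl_lines(prefixes)))
```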

