[c-nsp] Bogon Filter - Least Resource/CPU intensive method?
roy
bandwidth.user at gmail.com
Wed Mar 5 04:51:49 EST 2008
RPF on the edge?
On Wed, 2008-03-05 at 18:32 +1100, Whisper wrote:
> Which is the prefered method for blocking bogons on the Internet & why? Is
> the prefered solution sometimes hardware specific?
>
> Something like this:
>
> ip route 10.0.0.0 255.0.0.0 Null0
> ip route 127.0.0.0 255.0.0.0 Null0
> ip route 169.254.0.0 255.255.0.0 Null0
> ip route 172.16.0.0 255.240.0.0 Null0
> ip route 192.168.0.0 255.255.0.0 Null0
>
> or something like this:
>
> access-list 101 deny ip 10.0.0.0 0.255.255.255 any
> access-list 101 deny ip 127.0.0.0 0.255.255.255 any
> access-list 101 deny ip 169.254.0.0 0.0.255.255 any
> access-list 101 deny ip 172.16.0.0 0.15.255.255 any
> access-list 101 deny ip 192.168.0.0 0.0.255.255 any
>
> I know this list example is not complete, its been heavily edited for
> brevity.
>
> Up to date bogon lists can be found here:
> http://www.cymru.com/Documents/bogon-list.html
>
> Thanks
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list