[c-nsp] Bogon Filter - Least Resource/CPU intensive method?

Whisper whisper555 at gmail.com
Wed Mar 5 04:58:49 EST 2008


Thanks Roy

That is sort of part of the question.

In what circumstances would 1 method be prefered over the other, if at all?

On Wed, Mar 5, 2008 at 8:51 PM, roy <bandwidth.user at gmail.com> wrote:

> RPF on the edge?
>
> On Wed, 2008-03-05 at 18:32 +1100, Whisper wrote:
> > Which is the prefered method for blocking bogons on the Internet & why?
> Is
> > the prefered solution sometimes hardware specific?
> >
> > Something like this:
> >
> > ip route 10.0.0.0 255.0.0.0 Null0
> > ip route 127.0.0.0 255.0.0.0 Null0
> > ip route 169.254.0.0 255.255.0.0 Null0
> > ip route 172.16.0.0 255.240.0.0 Null0
> > ip route 192.168.0.0 255.255.0.0 Null0
> >
> > or something like this:
> >
> > access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
> > access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
> > access-list 101 deny   ip 169.254.0.0 0.0.255.255 any
> > access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
> > access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
> >
> > I know this list example is not complete, its been heavily edited for
> > brevity.
> >
> > Up to date bogon lists can be found here:
> > http://www.cymru.com/Documents/bogon-list.html
> >
> > Thanks
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


More information about the cisco-nsp mailing list