Re: UUNet Routing SNAFU

From: Alec H. Peterson (no email)
Date: Wed Oct 08 1997 - 23:17:09 EDT


On Wed, Oct 08, 1997 at 07:39:52PM -0700, David Carmean wrote:
>
> I installed the ACL Sean posted back in December of '95, updated by
> changes he posted in June of '96. Is that list still reasonable?

I'm pretty sure that is the version that filters >=207 at /19 (instead
of /18 which is where he initially put the filter). However, keep in
mind that the registries have been allocating space out of old class A
space, which all versions of his filter I've seen _will_ block. So,
depending on your policy you would want to add:

access-list xxx permit ip 62.0.0.0 0.255.255.255 0.0.0.0 255.255.255.0

Do that for 24/8, 62/8 and any other blocks that the IANA has released
to a registry (I think Dorian mentioned 63/8 and 64/8 as well). Of
course, if you want to filter on /19 then your mask will be a little
different.

Of course, one can just do what Randy suggested and filter all class A
space at /19 and be done with it.

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson -     | Erols Internet Services, INC.        |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD