North American Network Operators Group

Re: 10/8 announced ?
> 10/8 gets announced at least once a day by someone somewhere. Really.
>
> So what else is new? Smart providers explicitly filter RFC-1918 address
> space. ;-)

In response to an appearance in May of some 192.168/16 prefixes, Paul
Vixie sent this to the NANOG list. I wrote up a gated analogue for
Digital's border routers; if anyone wants one, send me mail.

> Message-Id: <[email protected]>
> To: [email protected]
> Subject: Re: RFC 1597
> Date: Wed, 22 May 1996 22:34:17 -0700
> From: Paul A Vixie <[email protected]>
>
> > *> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ?
> > *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ?
> > *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ?
> >
> > Shame on you 3337, 1794 and 1273.
>
> Indeed. Since it's not my turn to be at fault for this kind of thing tonight,
> I guess I'll chime in with a copy of some useful goodies that Andrew Partan
> bestowed upon me last time CIX was caught advertising something bad:
>
>     router bgp xxxx
>     neighbor y.y.y.y remote-as zzzz
>     neighbor y.y.y.y distribute-list 100 in
>     neighbor y.y.y.y distribute-list 101 out
>
>     access-list 100 deny ip host 0.0.0.0 any
>     access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
>     access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
>     access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
>     access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 100 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 100 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 100 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
>     access-list 100 deny ip any 255.255.255.128 0.0.0.127
>     access-list 100 permit ip any any
>
>     access-list 101 deny ip host 0.0.0.0 any
>     access-list 101 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
>     access-list 101 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
>     access-list 101 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
>     access-list 101 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 101 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 101 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 101 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>     access-list 101 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 101 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
>     access-list 101 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
>     access-list 101 deny ip any 255.255.255.128 0.0.0.127
>     access-list 101 permit ip any any
>
> These are currently identical, but they're split into separate access-lists
> in case the sending restrictions and the receiving restrictions ever have
> cause to differ.
>
> Note that everybody who's anybody uses peer groups rather than duplicating
> this for every peer, but I'm the wrong person to try to explain peer groups
> so the above was intentionally kept at my "grunt, poke, listen" level.

Stephen
- -----
Stephen Stuart [email protected]
Network Systems Laboratory
Digital Equipment Corporation
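
The filter quoted above, as an added example that is not part of the original message or either poster's code: a small Python evaluator that applies access-list 100 to a few prefixes the way IOS applies an extended list used as a BGP distribute-list, testing the prefix's network address against the source term and its netmask against the destination term. The /24 length on 192.168.22.0 (classful default) and the 198.51.100.x sample prefixes are assumptions made for the demonstration.

```python
import ipaddress

# access-list 100 exactly as posted in the message above (101 is identical).
ACL_100 = """\
access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any
"""

def term(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; wildcard 1-bits mean "don't care"."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        action, _proto, *rest = line.split()[2:]
        rules.append((action, term(rest), term(rest)))  # network term, then mask term
    return rules

def evaluate(rules, prefix):
    """First matching line wins: network address vs source term, netmask vs destination term."""
    net = ipaddress.IPv4Network(prefix)
    values = (int(net.network_address), int(net.netmask))
    for action, *terms in rules:
        if all(((v ^ want) & ~wild & 0xFFFFFFFF) == 0 for v, (want, wild) in zip(values, terms)):
            return action
    return "deny"  # implicit deny that ends every IOS access list

RULES = parse(ACL_100)

if __name__ == "__main__":
    # First two come from the quoted table; the 198.51.100.x prefixes are constructed samples.
    for p in ("192.168.22.0/24", "192.168.100.0/22", "198.51.100.0/24", "198.51.100.128/25"):
        print(f"{p:20} {evaluate(RULES, p)}")
```

The last sample shows the effect of the `any 255.255.255.128 0.0.0.127` line: it matches on netmask alone, so any prefix longer than /24 is dropped regardless of its address.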