Re: ARIN to Allocate from 64.0.0.0/8

• From: Kai Schlichting
• Date: Wed Nov 10 12:10:22 1999

At 11:50 AM 11/10/99 -0500, Richard A Steenbergen <[email protected]> wrote:

>I might almost be happy, except this breaks the oh-so-nice filter of
>64.0.0.0/2 at borders (effectively reduces random src spoofed attacks
>by 25%, and covers 127.0.0.0/8 as well). Go ARIN. </sarcasm>

One line becomes two in your ACL ? 
ip permit 64.0.0.0/8
ip deny 64.0.0.0/2 

The CPU loss for one more ACL line is probably offsetting the gains of
spoofed traffic pretty well. That will even scale for a little while,
at least for /9 and /10 in the permit line, before you seriously have
to think about how much still-unallocated space you will gratutiously allow
through your ACL.

bye,Kai

• Follow-Ups:
  • Re: ARIN to Allocate from 64.0.0.0/8 Richard Steenbergen

• References:
  • ARIN to Allocate from 64.0.0.0/8 Richard Jimmerson
  • Re: ARIN to Allocate from 64.0.0.0/8 Richard Steenbergen

• Prev by Date: RE: ARIN's New E-commerce System
• Next by Date: No Op. - Arbitration clauses in peering agreements
• Date Index
• Thread Index
• Author Index
• Historical