North American Network Operators Group

Re: route filtering in large networks

  • From: Christopher L. Morrow
  • Date: Thu Mar 13 01:52:49 2003

On Wed, 12 Mar 2003, Jack Bates wrote:

>
> From: "Michael K. Smith"
>
> >
> > Check out http://www.cymru.com/Documents/secure-ios-template.html
> >
> > All of the various Bogons, including unassigned ranges, are represented with
> > a route to null0.
> >
> Nice, although it doesn't explain the purpose of having the routes if you
> have an acl. To keep viruses from attempting to contact bogons? To stop your
> internal network from surfing the bogon web which can't reply back anyways?

I didn't look at the template recently, but I recall something like: route
instead of acl... so allow the traffic in and kill it on the way out.
Alternately, with uRPF inbound it'll kill the traffic on the inbound since
the destination for the packet (source in this case) is invalid.
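
Added example, not part of the original message or of the referenced template: a small Python model of the two drop points described in the reply above. The routing table, addresses and function names are constructed for illustration, and the uRPF check is simplified (any non-Null0 route, including the default route, satisfies it).

```python
import ipaddress

# Constructed routing table. "Null0" marks a discard route, as used for bogons.
ROUTES = [
    ("0.0.0.0/0", "upstream"),        # default route
    ("198.51.100.0/24", "customer"),  # documentation prefix standing in for a customer
    ("10.0.0.0/8", "Null0"),          # sample bogon entries
    ("192.168.0.0/16", "Null0"),
]
TABLE = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES]


def lookup(addr):
    """Longest-prefix match. Returns the next hop, or None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, nh) for net, nh in TABLE if ip in net]
    return max(matches)[1] if matches else None


def forward(src, dst, urpf=False):
    """Decide what happens to one packet arriving at the router.

    urpf=True models a reverse-path check on the inbound interface: the
    source address is looked up as if it were a destination, and the packet
    is dropped when that lookup resolves to Null0 or to no route at all.
    """
    if urpf and lookup(src) in (None, "Null0"):
        return "drop:urpf"
    next_hop = lookup(dst)
    if next_hop in (None, "Null0"):
        return "drop:null-route"
    return "forward:" + next_hop


if __name__ == "__main__":
    bogon, host, peer = "10.1.2.3", "198.51.100.10", "203.0.113.5"
    # Routes only: the bogon-sourced packet gets in, the reply dies on the way out.
    print("inbound, no uRPF :", forward(bogon, host))
    print("reply, no uRPF   :", forward(host, bogon))
    # Routes plus uRPF: the same packet is dropped on arrival.
    print("inbound, uRPF    :", forward(bogon, host, urpf=True))
    # Traffic from a routable source is unaffected.
    print("legit, uRPF      :", forward(peer, host, urpf=True))
```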