high volume from outside our networks question

Steven Carr sjcarr at gmail.com
Fri Feb 1 09:33:52 UTC 2013


You should be complying with BCP 38 [http://tools.ietf.org/html/bcp38]
for Inbound Network Filtering which will reduce a lot of unwanted
packets getting into your network.

Our inbound (Cisco) ACL looks like the following and I check up on the
bogon addresses
[http://www.team-cymru.org/Services/Bogons/bogon-dd.html] regularly to
see if they need to be updated:

 ! filter out the crud
 ! deny own ip
 deny ip 213.120.108.211 0.0.0.0 any
 ! deny bogon addresses
 deny ip 0.0.0.0 0.255.255.255 any
 deny ip 100.64.0.0 0.63.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 192.0.0.0 0.0.0.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 198.18.0.0 0.1.255.255 any
 deny ip 198.51.100.0 0.0.0.255 any
 deny ip 203.0.113.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 ! deny broadcast
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 ! deny non-routables
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 !

Steve
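Added example, not part of the original post: one way to script the periodic check described above, by converting the ACL's address/wildcard pairs to CIDR prefixes and listing any reference prefix that no entry covers. The `REFERENCE` list is a constructed sample of well-known special-purpose ranges, not a download of the Team Cymru list, and the function names are hypothetical.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^\s*deny\s+ip\s+(?:host\s+(\S+)|(\S+)\s+(\S+))\s+any\s*$")
# Bogon, broadcast and non-routable entries copied from the post (own-IP line omitted).
ACL = """
 deny ip 0.0.0.0 0.255.255.255 any
 deny ip 100.64.0.0 0.63.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 192.0.0.0 0.0.0.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 198.18.0.0 0.1.255.255 any
 deny ip 198.51.100.0 0.0.0.255 any
 deny ip 203.0.113.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
"""
# Constructed sample reference list (assumption); in practice, load the current bogon list.
REFERENCE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]

def wildcard_to_network(addr, wildcard):
    """Convert a Cisco address/wildcard pair to an IPv4Network."""
    bits = int(ipaddress.IPv4Address(wildcard))
    if bits & (bits + 1):  # wildcard must be a contiguous run of low-order ones
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network((addr, 32 - bits.bit_length()), strict=True)

def parse_acl(text):
    """Return the source networks of all 'deny ip <src> any' entries."""
    nets = []
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if m:  # "!" comments, blank lines and other entry forms are skipped
            host, addr, wildcard = m.groups()
            nets.append(wildcard_to_network(host or addr, "0.0.0.0" if host else wildcard))
    return nets

def uncovered(reference, acl_nets):
    """Reference prefixes that no single ACL entry fully contains."""
    return [r for r in reference if not any(r.subnet_of(a) for a in acl_nets)]

print(uncovered(REFERENCE, parse_acl(ACL)))
```

An empty list means every reference prefix is already denied; a prefix covered only by the union of several ACL entries would still be reported.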


