high volume from outside our networks question
Steven Carr
sjcarr at gmail.com
Fri Feb 1 09:33:52 UTC 2013
You should be complying with BCP 38 [http://tools.ietf.org/html/bcp38]
for Inbound Network Filtering which will reduce a lot of unwanted
packets getting into your network.
Our inbound (Cisco) ACL looks like the following and I check up on the
bogon addresses
[http://www.team-cymru.org/Services/Bogons/bogon-dd.html] regularly to
see if they need to be updated:
! filter out the crud
! deny own ip
deny ip 213.120.108.211 0.0.0.0 any
! deny bogon addresses
deny ip 0.0.0.0 0.255.255.255 any
deny ip 100.64.0.0 0.63.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
! deny broadcast
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
! deny non-routables
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
!
Steve
More information about the bind-users mailing list
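The regular bogon check described in the message can be scripted. The following is an added example, not part of the original post: it parses "deny ip ... any" entries in the two forms used in the ACL above, then reports reference prefixes the ACL does not cover and ACL entries that appear nowhere in the reference. The function names, the sample ACL and the sample reference list are constructed for illustration; a real run would read the router configuration and the current published bogon list.

```python
import ipaddress
import re

# Source part of a "deny ip <src> any" entry: "host A.B.C.D" or
# "A.B.C.D <wildcard>". Comment lines ("!") do not match and are skipped.
ACL_RE = re.compile(r"^\s*deny\s+ip\s+(?:host\s+(\S+)|(\S+)\s+(\S+))\s+any\s*$")

def acl_networks(acl_text):
    """Return the source networks denied by the ACL text."""
    nets = []
    for line in acl_text.splitlines():
        m = ACL_RE.match(line)
        if not m:
            continue
        host, addr, wild = m.groups()
        if host:
            nets.append(ipaddress.ip_network(host + "/32"))
            continue
        w = int(ipaddress.IPv4Address(wild))
        if w & (w + 1):  # a prefix needs contiguous low-order wildcard bits
            raise ValueError("non-contiguous wildcard: " + line.strip())
        nets.append(ipaddress.ip_network((addr, 32 - w.bit_length()), strict=False))
    return nets

def audit(acl_text, reference_cidrs):
    """Return (reference prefixes not covered, ACL entries not in reference)."""
    acl = acl_networks(acl_text)
    ref = [ipaddress.ip_network(c) for c in reference_cidrs]
    missing = [r for r in ref if not any(r.subnet_of(a) for a in acl)]
    extra = [a for a in acl
             if not any(a.subnet_of(r) or r.subnet_of(a) for r in ref)]
    return missing, extra

def to_acl_line(net):
    """Render a network as a deny entry with a Cisco wildcard mask."""
    return "deny ip %s %s any" % (net.network_address, net.hostmask)

# Constructed sample: a few entries from the post, with 198.18.0.0/15 left out.
SAMPLE_ACL = """\
deny ip 213.120.108.211 0.0.0.0 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 255.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
"""
# Constructed reference list in CIDR form (not a download of any real feed).
SAMPLE_REFERENCE = ["0.0.0.0/8", "10.0.0.0/8", "198.18.0.0/15",
                    "224.0.0.0/4", "240.0.0.0/4"]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_ACL, SAMPLE_REFERENCE)
    print("add:", [to_acl_line(n) for n in missing])
    print("review:", [str(n) for n in extra])
```

Entries reported for review, such as the router's own address in this sample, are site-specific and need a human decision rather than automatic removal.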