For whatever reason Ciscos will TAKE null routes to classful broadcasts; however, they will not propagate them. You'll need a Juniper/GateD box/whatever to push out the routes...

And you would only want to null/discard the /32 of the actual amplifier, not the entire netblocks, I would imagine. If you null/discarded the entire /24... well, that would make some quite unhappy customers... The object should be not to stop the smurf once it is ongoing, but to prevent it from ever happening...

On another note, Troy, if you need help with anything... let me know. I'd like to get as many amp sites off the net as possible.

On Sun, 24 Sep 2000, James A. T. Rice wrote:
On Sun, 24 Sep 2000, Troy Davis wrote:
links. At last count, there are 66317 smurf-amplifying /24s; of course, they'd be aggregated where possible in the announcements.
Why aggregate? You could just announce the /32's of the actual broadcast addresses, and cause much less damage to other resources on that network.
Also if you do aggregate, your blackhole route will probably be less specific than the 'real' route, so the 'real' route and not the blackhole one is what would get used.
-James
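
The route-selection point raised in this thread, as an added example that is not part of any poster's message: a longest-prefix-match lookup showing when a blackhole route is actually used. All prefixes, the "upstream"/"discard" labels and the function names are constructed for illustration.

```python
import ipaddress

def build(routes):
    """Turn (prefix, next_hop) strings into (network, next_hop) pairs."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in build(routes) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample tables (private address space, not real amplifiers).
# 10.1.2.255 stands for the broadcast address of an amplifying /24.
REAL_24 = [("10.1.2.0/24", "upstream")]

# Aggregated blackhole: less specific than the real /24, so it never wins.
AGGREGATED = REAL_24 + [("10.1.0.0/22", "discard")]

# /32 blackhole of the broadcast address only: more specific than the /24.
HOST_ONLY = REAL_24 + [("10.1.2.255/32", "discard")]

# Blackholing the whole /24 under a covering /22: every host in it is dropped.
WHOLE_24 = [("10.1.0.0/22", "upstream"), ("10.1.2.0/24", "discard")]

def summarize():
    """Next hop for the broadcast address and for an ordinary host, per table."""
    out = {}
    for name, table in (("aggregated", AGGREGATED),
                        ("host_only", HOST_ONLY),
                        ("whole_24", WHOLE_24)):
        out[name] = (next_hop(table, "10.1.2.255"), next_hop(table, "10.1.2.10"))
    return out

if __name__ == "__main__":
    for name, (bcast, host) in summarize().items():
        print(f"{name:11s} broadcast -> {bcast:8s} ordinary host -> {host}")
```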