At 05:27 PM 16-02-05 -0500, Sean Donelan wrote:
On Wed, 16 Feb 2005, Kunjal Trivedi wrote:
Due to the feedback we've received on the Autosecure bogon list issue, we've decided to do the following:
1) Provide a fix that removes bogon ACL creation and deployment from the Autosecure feature. This change will be available in mainline and maintenance software releases. For the software release details, please refer to 2.
2) A Cisco Field Notice will be published to inform customers of the change and will contain instructions on how to remove the bogon ACLs created by executing the autosecure command.
We'll update the list with the Field Notice URL as soon as it's available. Tentative date for FN posting is 18th February 2005.
The pendulum swings too far in the other direction.
Sure would have been nice if Cisco had asked/polled a number of key customers to get an idea of what we wanted, rather than to know what they thought we wanted.
Martian addresses are relatively static, and might be good candidates for one-click security. If you see a 127.0.0.0/8 packet floating around, its probably up to no good.
As are RFC1918 addresses. Oh well. -Hank