On Fri, 6 Sep 2002, Iljitsch van Beijnum wrote:
Ok, if I connect to their network I'll remove "ip subnet-zero" and "ip classless" from my configs to revert to the defaults that still reflect the pre-1993 state of affairs, but if they want to connect to "our" network, they should play nice and follow the rules we use here.
The National Security Agency has issued the following principles and guidance for security configuration of IP routers, with detailed instructions for Cisco System routers. A brief passage from the document: By default, a Cisco router will make an attempt to route almost any IP packet. If a packet arrives addressed to a subnet of a network that has no default network route, then IOS will, with IP classless routing, forward the packet along the best available route to a supernet of the addressed subnet. This feature is often not needed. On routers where IP classless routing is not needed, disable it as shown below. Central# config t Enter configuration commands, one per line. End with CNTL/Z. Central(config)# no ip classless Central(config)# exit http://nsa2.www.conxion.com/cisco/download.htm Geez, people are worried about the NSA tapping the Internet. How about worrying the NSA connecting misconfigured routers to the Internet? Yes, even the NSA has bad network days. They just don't like to talk about it.