On 2004-11-09-17:10:02, "Network.Security" <Network.Security@target.com> wrote:
We receive a disturbingly large amount of traffic sourced from the 1918 space destined for our network coming from one of our normally respectable Tier 1 ISPs (three letter acronym, starts with 'M', ends with 'CI').
This is particularly irritating since we pay for burstable service; nice that we are paying for illegitimate traffic to come down our pipes. Their answer to this issue was: our routers can't handle the additional load that filtering 1918 traffic would cause.
That's odd; I didn't think routing to Null0 (or equivalent) was all that taxing. I don't want an ACL, I want it gone [...]

Null routes aren't going to stop packets with 1918 *sources* from entering your network, I'm afraid. This is where ACLs come into play.

And it's quite conceivable, on a network of MCI's size, there are still peering and edge ports terminated by GSRs with engine 0 cards, or 7500s, or other hardware where bogon filtering and/or reverse-path validation really is a Big Deal(tm).

-a (computing VJ's cell phone bill on the WRT54G as we speak)
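
Added example (not part of the original thread): a simplified Python model of the distinction drawn in the reply above. A null route is consulted for the destination address only, so a packet with an RFC 1918 source still gets forwarded, while an ingress ACL or a reverse-path check looks at the source. The routing table, next-hop names and sample addresses are constructed for illustration, and the loose reverse-path model assumes the default route counts as a valid route.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed table: documentation prefixes stand in for real networks,
# and every RFC 1918 block is routed to Null0.
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), "upstream"),
          (ipaddress.ip_network("198.51.100.0/24"), "customer")]
ROUTES += [(net, "Null0") for net in RFC1918]

def lookup(addr):
    """Longest-prefix match on one address; returns the next hop."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, hop) for net, hop in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def null_route_only(src, dst):
    """Plain destination-based forwarding: src is never examined."""
    hop = lookup(dst)
    return "drop" if hop == "Null0" else "forward:" + hop

def ingress_acl(src, dst):
    """Ingress filter that denies RFC 1918 sources before forwarding."""
    if any(ipaddress.ip_address(src) in net for net in RFC1918):
        return "drop"
    return null_route_only(src, dst)

def loose_rpf(src, dst):
    """Simplified loose reverse-path check: drop when the route back
    to the source resolves to Null0, then forward as usual."""
    if lookup(src) == "Null0":
        return "drop"
    return null_route_only(src, dst)

# Constructed sample packets: (source, destination)
PACKETS = [("10.1.2.3", "198.51.100.10"),     # 1918 source, valid destination
           ("203.0.113.7", "198.51.100.10"),  # ordinary traffic
           ("203.0.113.7", "192.168.1.1")]    # 1918 destination

if __name__ == "__main__":
    for src, dst in PACKETS:
        print(f"{src:>12} -> {dst:<14}",
              "null-route:", null_route_only(src, dst),
              "| acl:", ingress_acl(src, dst),
              "| rpf:", loose_rpf(src, dst))
```

The first sample packet is the case from the thread: the null routes let it through, and only the source-aware checks drop it.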