I need a few class Cs. Hope nobody will mind if I take 192.168.0.0/20. ;) *> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ? *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ? *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ? Shame on you 3337, 1794 and 1273. - david
*> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ? *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ? *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ?
Shame on you 3337, 1794 and 1273.
Indeed. Since it's not my turn to be at fault for this kind of thing tonight, I guess I'll chime in with a copy of some useful goodies that Andrew Partan bestowed upon me last time CIX was caught advertising something bad: router bgp xxxx neighbor y.y.y.y remote-as zzzz neighbor y.y.y.y distribute-list 100 in neighbor y.y.y.y distribute-list 101 out access-list 100 deny ip host 0.0.0.0 any access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 access-list 100 deny ip any 255.255.255.128 0.0.0.127 access-list 100 permit ip any any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 101 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 101 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255 access-list 101 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 101 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 101 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 101 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 101 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 101 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 101 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 access-list 101 deny ip any 255.255.255.128 0.0.0.127 access-list 101 permit ip any any These are currently identical, but they're split into separate access-list's in case the sending restrictions and the receiving restrictions ever have cause to differ. Note that everybody who's anybody uses peer groups rather than duplicating this for every peer, but I'm the wrong person to try to explain peer groups so the above was intentionally kept at my "grunt, poke, listen" level.
I need a few class Cs. Hope nobody will mind if I take 192.168.0.0/20. ;)
*> 192.168.22.0 144.228.71.5 0 1239 1800 1804 1128 1955 3337 ? *> 192.168.100.0/22 144.228.71.5 0 1239 1794 ? *> 192.168.216.0 144.228.71.5 0 1239 1800 1755 1273 ?
Shame on you 3337, 1794 and 1273.
- david
Now why would 1239 advertize well known private address space? -- --bill Key fingerprint = FA 2A 63 DA 63 2E CB DB 26 2F 7A 12 B1 07 7D 68
participants (3)
-
bmanning@isi.edu
-
David J. Sharp
-
Paul A Vixie