nanog mailing list archives
Re: ARIN to Allocate from 64.0.0.0/8
From: Kai Schlichting <kai () pac-rim net>
Date: Wed, 10 Nov 1999 12:01:54 -0500
At 11:50 AM 11/10/99 -0500, Richard A Steenbergen <ras () above net> wrote:
I might almost be happy, except this breaks the oh-so-nice filter of 64.0.0.0/2 at borders (effectively reduces random src spoofed attacks by 25%, and covers 127.0.0.0/8 as well). Go ARIN. </sarcasm>
One line becomes two in your ACL ? ip permit 64.0.0.0/8 ip deny 64.0.0.0/2 The CPU loss for one more ACL line is probably offsetting the gains of spoofed traffic pretty well. That will even scale for a little while, at least for /9 and /10 in the permit line, before you seriously have to think about how much still-unallocated space you will gratutiously allow through your ACL. bye,Kai
Current thread:
- ARIN to Allocate from 64.0.0.0/8 Richard Jimmerson (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Richard Steenbergen (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Kai Schlichting (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Richard Steenbergen (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Steve Rubin (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Bruce Campbell (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Steve Rubin (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 bmanning (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Kai Schlichting (Nov 10)
- Re: ARIN to Allocate from 64.0.0.0/8 Richard Steenbergen (Nov 10)
- <Possible follow-ups>
- Re: ARIN to Allocate from 64.0.0.0/8 Aleksi Suhonen (Nov 20)