ben,
thats right and an added benefit when one uses extended acls
any offload from the cpu is worthwhile
piranha.
>From: Ben Nagy <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
>[EMAIL PROTECTED]
>Subject: RE: how to block napster...?
>Date: Fri, 8 Sep 2000 09:52:25 +0930
>
> > -----Original Message-----
> > From: HUNGRY PIRANHA [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, 8 September 2000 9:28 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: how to block napster...?
> >
> >
> > if you really want 'napster' this thing in the bud you could
> > set a seed
> > route on the last router before going across a wan to the internet...
> >
> > ip route 64.124.41.0 0.0.0.255 null0
>
>Uh...you mean:
>
>ip route 64.124.41.0 255.255.255.0 null0
>
>But yeah - routes to null are a great trick, and faster than using ACLs to
>filter. One more example, for anyone that's interested.
>
>Say you have a large internal network that runs dynamic routing. If a
>subnet
>goes away you'll often find that packets destined for the down network get
>routed out of the default gateway. This leaks information about your
>addressing scheme into the public Internet. It's not a _huge_ worry, but
>it's untidy.
>
>A null0 route with a higher metric will solve this problem. Say you run
>network 10.x.x.x - you do this:
>
>ip route 10.0.0.0 255.0.0.0 null0 240
>
>Normal routing will work happily, but traffic to networks that have fallen
>out of the routing table will get canned.
>
>Uh, yeah. That's my boring routing example for the say. ;)
>
>Cheers,
>
>--
>Ben Nagy
>Network Consultant, Volante Solutions
>PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
