> -----Original Message-----
> From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 10 February 2001 12:22
> To: Mark Teicher
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Getting hit from 10.1.1.169
>
>
> On Fri, 9 Feb 2001, Mark Teicher wrote:
>
> > If your upstream provider or Service Provider does not filter private
> > addresses, ask them to do so, and suggest the following filter changes to them
> >
> > !Block RFC 1918 on inbound interface from Service Provider
> > access-list 150 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > access-list 150 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > access-list 150 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > access-list 150 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
>
> If anyone's applying this on their border router or asking an ISP to do
> so, *please* *please* *please* also apply it outbound on the external
> interface.
Amen.
[snip]
>
> Also, it's worth adding the default PnP DHCP address range (which I don't
> have handy at the moment) to the list.
169.254.0.0/16, isn't it?
> I'd also add stuff sourced from 0.0.0.0 and 255.n.n.n.
[snip]
> Paul
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
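
An added example, not part of the original thread: a Python check that audits flow records from the external interface, in both directions, against the source ranges named above (RFC 1918, 127/8, 169.254.0.0/16, 0.0.0.0 and 255.n.n.n). The record layout, function names and sample flows are assumptions made for illustration.

```python
import ipaddress

# Source ranges named in the thread. None of them should appear as a source
# address crossing the external interface, inbound or outbound.
BLOCKED_SOURCES = {
    "10.0.0.0/8": "RFC 1918",
    "172.16.0.0/12": "RFC 1918",
    "192.168.0.0/16": "RFC 1918",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "DHCP autoconfiguration",
    "0.0.0.0/32": "0.0.0.0",
    "255.0.0.0/8": "255.n.n.n",
}
NETWORKS = [(ipaddress.ip_network(n), label) for n, label in BLOCKED_SOURCES.items()]


def classify_source(src):
    """Return the label of the blocked range containing src, or None."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    for net, label in NETWORKS:
        if addr in net:
            return label
    return None


def audit(flows):
    """flows: (direction, src, dst) tuples seen on the external interface.
    Returns (direction, src, label) for each flow a filter applied in that
    direction should have dropped."""
    findings = []
    for direction, src, _dst in flows:
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out': %r" % direction)
        label = classify_source(src)
        if label is not None:
            findings.append((direction, src, label))
    return findings


# Constructed sample flows; public addresses are documentation ranges.
SAMPLE_FLOWS = [
    ("in", "10.1.1.169", "203.0.113.10"),     # the source in the subject line
    ("in", "198.51.100.7", "203.0.113.10"),   # ordinary inbound traffic
    ("out", "192.168.1.20", "198.51.100.7"),  # internal address leaking outbound
    ("out", "169.254.12.3", "198.51.100.7"),  # autoconfigured host leaking outbound
    ("in", "255.1.2.3", "203.0.113.10"),
    ("in", "172.32.0.1", "203.0.113.10"),     # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any "out" finding means the outbound half of the filter is missing on that border.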