> -----Original Message-----
> From: HUNGRY PIRANHA [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 September 2000 9:28 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: how to block napster...?
>
>
> if you really want 'napster' this thing in the bud you could set a seed
> route on the last router before going across a wan to the internet...
>
> ip route 64.124.41.0 0.0.0.255 null0

Uh...you mean:

ip route 64.124.41.0 255.255.255.0 null0

But yeah - routes to null are a great trick, and faster than using ACLs to
filter. One more example, for anyone that's interested.

Say you have a large internal network that runs dynamic routing. If a subnet
goes away you'll often find that packets destined for the down network get
routed out of the default gateway. This leaks information about your
addressing scheme into the public Internet. It's not a _huge_ worry, but
it's untidy.

A null0 route with a higher metric will solve this problem. Say you run
network 10.x.x.x - you do this:

ip route 10.0.0.0 255.0.0.0 null0 240

Normal routing will work happily, but traffic to networks that have fallen
out of the routing table will get canned.

Uh, yeah. That's my boring routing example for the day. ;)
Cheers,
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
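
An added example, not part of the original message: a small Python model of the route selection behind the 10.0.0.0/8 null0 route with distance 240 described above, showing where traffic for a withdrawn subnet goes with and without it. The next-hop names, the 10.1.2.0/24 subnet and the distances 1 and 110 are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str
    distance: int  # administrative distance: lower is preferred


def route(prefix: str, next_hop: str, distance: int) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, distance)


def lookup(candidates: list, dst: str) -> Optional[str]:
    """Pick the next hop the way a router does.

    1. Per prefix, only the lowest-distance candidate is installed.
    2. Among installed routes containing dst, the longest prefix wins.
    """
    installed = {}
    for r in candidates:
        current = installed.get(r.prefix)
        if current is None or r.distance < current.distance:
            installed[r.prefix] = r
    addr = ipaddress.ip_address(dst)
    matches = [r for r in installed.values() if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen).next_hop


# Constructed sample routes; next-hop names are placeholders.
DEFAULT = route("0.0.0.0/0", "internet-gw", 1)    # static default route
SUBNET = route("10.1.2.0/24", "core-rtr", 110)    # subnet learned dynamically
SUMMARY = route("10.0.0.0/8", "core-rtr", 110)    # dynamically learned /8
NULL10 = route("10.0.0.0/8", "Null0", 240)        # the null0 route from the message

if __name__ == "__main__":
    cases = [
        ("subnet up, no null route", [DEFAULT, SUBNET], "10.1.2.5"),
        ("subnet down, no null route", [DEFAULT], "10.1.2.5"),
        ("subnet up, null route", [DEFAULT, NULL10, SUBNET], "10.1.2.5"),
        ("subnet down, null route", [DEFAULT, NULL10], "10.1.2.5"),
        ("dynamic /8 beats distance 240", [DEFAULT, NULL10, SUMMARY], "10.9.9.9"),
        ("public destination", [DEFAULT, NULL10], "192.0.2.10"),
    ]
    for label, table, dst in cases:
        print(f"{label:32} {dst:12} -> {lookup(table, dst)}")
```

The second case is the leak the message describes; the fifth shows why the distance of 240 matters, since a dynamically learned route for the same prefix still takes precedence over the null route.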