After a couple years of getting hammered by the same subnets over and over, and having 
all complaints systematically ignored, we finally put in border router ACLs filtering 
all traffic from the offending networks. Now the traffic never even shows up in the 
firewall logs.

Here are some of the networks we filter (not inclusive):

! extended ACL: deny by source network, then permit everything else
access-list 101 deny ip 216.0.0.0 0.252.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any

This is your standard Cisco IOS ACL that blocks all the RFC1918 (private) address 
spaces (plus 216.0.0.0, which I think is @home or some other perpetually offensive ISP). 

We also filter all of 210.0.0.0 and 211.0.0.0, which are a bunch of APNIC registered 
networks (Asia) because of a history of abuse. There are also several European (RIPE) 
networks we filter (one that comes to mind is Romania) for the same reasons.
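An added example, not part of the post, that evaluates the ACEs above with IOS wildcard-mask semantics (a 1 bit in the wildcard means "don't care") so you can check what each entry really matches before applying it; it assumes extended-ACL syntax numbered 101, and the ACL text is a constructed copy of the post's entries.

```python
import ipaddress
import re

# Constructed copy of the ACEs posted above, in extended-ACL syntax (number 101 assumed).
POSTED_ACL = """
access-list 101 deny ip 216.0.0.0 0.252.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
"""

# Only the "ip <src> [<wildcard>] any" shape used above is parsed.
ACE_RE = re.compile(r"^access-list\s+\d+\s+(permit|deny)\s+ip\s+(\S+)(?:\s+(\S+))?\s+any$")

def parse_acl(text):
    """Return a list of (action, network_int, wildcard_int) in ACL order."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line}")
        action, src, wild = m.groups()
        if src == "any":
            net, mask = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            net = int(ipaddress.IPv4Address(src))
            mask = int(ipaddress.IPv4Address(wild or "0.0.0.0"))
        entries.append((action, net, mask))
    return entries

def evaluate(entries, addr):
    """First-match evaluation of a source address, with IOS's implicit deny at the end."""
    a = int(ipaddress.IPv4Address(addr))
    for action, net, wild in entries:
        care = ~wild & 0xFFFFFFFF              # wildcard 1 = ignore bit, 0 = must match
        if a & care == net & care:
            return action
    return "deny"

def denied_second_octets(entries, first_octet):
    """Which X in first_octet.X.0.0/16 are denied; shows the reach of an odd wildcard."""
    return [x for x in range(256) if evaluate(entries, f"{first_octet}.{x}.0.1") == "deny"]

if __name__ == "__main__":
    acl = parse_acl(POSTED_ACL)
    for ip in ("10.1.2.3", "172.32.0.1", "216.4.0.1", "216.5.0.1", "203.0.113.5"):
        print(ip, evaluate(acl, ip))
    # 0.252.255.255 still checks the low two bits of the second octet, so only
    # 64 of the 256 /16s under 216/8 are denied (216.0, 216.4, 216.8, ...).
    print(len(denied_second_octets(acl, 216)))
```

Running it shows that the 216.0.0.0 entry as written covers only every fourth /16 of 216/8, which is the kind of wildcard-mask surprise worth catching before the ACL goes on the border.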

cheers..
