Date: Mon, 24 Jun 1996 16:17:57 +0200 (MET DST) From: guido@gvr.win.tue.nl (Guido van Rooij) To: jgreco@brasil.moneng.mei.com (Joe Greco) Cc: jkh@time.cdrom.com, hackers@FreeBSD.ORG, security@FreeBSD.ORG, ache@FreeBSD.ORG Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <199606241417.QAA12781@gvr.win.tue.nl> In-Reply-To: <199606241351.IAA05446@brasil.moneng.mei.com> from Joe Greco at "Jun 24, 96 08:51:39 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Greco wrote: > > > How do you install such things on a cisco 2500? :-) Seriously, if > > > there's a way then I can get someone from cisco to help me out, but I > > > first need to know that it's even a reasonable request. > > > > Put an access group *in*. On the interface to your ISP. Deny all > > packets originating from ip numbers on your internal network. > > Allow anything else. > > Better yet, do not allow just "anything" else... > > I block the RFC1597 "private internets" and 127.0.0.0/8 and 0.0.0.0/8 on > both inbound and outbound filters, in addition to blocking inbound addresses > with my network numbers.. basically they don't survive my routers :-) > We do too..but for the sake of simplicity I didn't mention the RFC1597 addresses. The 0.0.0.0/8 is new to me..what is its purpose? -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606241417.QAA12781>