Re: improved synflood protection & detection

From: Oliver Friedrichs (oliverat_private)
Date: Wed May 06 1998 - 14:01:24 PDT

    On Wed, 6 May 1998, VaX#n8 wrote:
    
    > Many if not all of the addresses in the above blocks are unused.
    > Affording ingress to TCP packets to which you cannot respond
    > seems pointless and a bit temerarious.
    > It may be worthwhile to generate a list of all address blocks not
    > recently routed and construct a filter based on those.
    > It may also be useful to log these packets for auditing, so
    > you can detect if the status of a block changes.
    
    This really won't work.  It may have worked if every single IP address on
    every single registered network were in use and reachable 100% of the
    time.  I can pick any random registered network and find addresses on that
    network which aren't currently being used, or with hosts that aren't
    reachable (behind a firewall).
    
    - Oliver
    
     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
       Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211
    


