
Protect IP traffic with filters

Route filtering

Route filtering is the process by which certain routes are not considered for inclusion in the local route database. Filters can be applied at the routers either
  1. before the routes are announced (output filtering), or
  2. as soon as a route is learned (input filtering).
There are different reasons for filtering. To ensure that the use of (RFC 1918) private address space does not leak out into the global Internet, networks should block these prefixes in both their output and input filtering. When a site is multihomed, announcing non-local routes to a neighbour different from the one they were learned from amounts to advertising a willingness to serve as transit. This is undesirable unless suitable agreements are in place. You can avoid this issue by applying output filtering on these routes.
An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult.

Similarly, an ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking. In some cases, routers have insufficient amounts of main memory to hold the full global BGP table. By applying input filtering on prefix length (eliminating all routes for prefixes longer than a given value), on AS count, or on some combination of the two, the local route database is limited to a subset of the global table.
This practice is not recommended, as it can cause sub-optimal routing or even communication failures with small networks, and frustrate the traffic-engineering efforts of one's peers. In the past, route filtering was also used to block IPv4 prefixes that were not yet delegated by IANA, commonly called bogon address space. As IANA has depleted its available IPv4 address space, this practice is no longer needed. Some networks are now blocking IPv4 prefixes that are being held at the Regional Internet Registries (RIR) and not yet delegated to any network. As RIRs delegate resources on a daily basis, this practice requires a daily update to the route filter. Unless a network has an automated and reliable tool to check the RIR databases, it is best not to perform this level of route filtering.
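The input-filtering decisions described above (drop RFC 1918 space, accept from a customer only what is assigned to that customer, optionally cap prefix length) can be modelled in a few lines. This is an added example, not taken from the original page; the function names and the sample prefixes (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 private address space, which must not leak into global routing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def inside(net, blocks):
    """True if net is equal to, or a subnet of, any block of the same IP version."""
    return any(b.version == net.version and net.subnet_of(b) for b in blocks)

def input_filter(announced, assigned, max_len=None):
    """Split a customer's announcements into (accepted, rejected).

    announced: prefixes learned from the customer (strings)
    assigned:  prefixes actually assigned to that customer (strings)
    max_len:   optional prefix-length cap; off by default because the
               text advises against length-based filtering
    """
    allowed = [ipaddress.ip_network(a) for a in assigned]
    accepted, rejected = [], []
    for text in announced:
        try:
            net = ipaddress.ip_network(text)  # strict: host bits must be zero
        except ValueError:
            rejected.append((text, "malformed prefix"))
            continue
        if inside(net, RFC1918):
            rejected.append((text, "RFC 1918 private space"))
        elif not inside(net, allowed):
            rejected.append((text, "not assigned to this customer"))
        elif max_len is not None and net.prefixlen > max_len:
            rejected.append((text, f"longer than /{max_len}"))
        else:
            accepted.append(text)
    return accepted, rejected

# Constructed sample data: one assigned block and five announcements.
ASSIGNED = ["203.0.113.0/24"]
ANNOUNCED = ["203.0.113.0/24", "203.0.113.128/25", "198.51.100.0/24",
             "10.1.0.0/16", "203.0.113.1/24"]

if __name__ == "__main__":
    ok, bad = input_filter(ANNOUNCED, ASSIGNED)
    print("accepted:", ok)
    for prefix, reason in bad:
        print("rejected:", prefix, "-", reason)
```

Passing `max_len=24` additionally rejects the /25 more-specific, which shows how a length cap can drop a legitimate announcement from a small network.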

TCP Port 80 is the HTTP server port. If you want to create a connection to a Web server, the request is made to the socket represented by the destination Web server's IP address and port 80 at that IP address. If you enabled filtering and wish to allow traffic to the default Web server port, create a filter for TCP Port 80.

TCP Port 21 is the FTP control port. You can connect to an FTP server by targeting the request to the IP address of the FTP server and its TCP Port 21. If you enabled filtering and wish to allow traffic to the default FTP server control port, create a filter for TCP Port 21.

TCP Port 23 is the Telnet application port. If you wish to establish a Telnet session with a Telnet server, you send the request to the IP address of the Telnet server for TCP Port 23. If you enabled filtering and wish to allow traffic to the default Telnet port, create a filter to allow traffic through TCP Port 23.

TCP Port 25 is the Simple Mail Transfer Protocol (SMTP) port. If you wish to connect to an SMTP server, you send a request to the server's IP address and to TCP Port 25.

TCP Port 110 is the POP3 port. If you wish to connect to a POP3 server, you send the request to the IP address of the POP3 server and to TCP Port 110.