Re: Why blocking bogons buys you nothing

[Mikael Olsson <mikael.olsson () clavister com>]

Brian Ford wrote:
> Maybe your provider is just doing a very good job
> of blocking Bogons before they reach you?

Eric Vyncke wrote similarily:
> May be the small amounts of bogons can be explained by an upstream 
> ISP filtering them ;-)

If this is the case, they are doing a very .. um.. "random" job
of blocking bogons.

The /8 distribution in my original posting alone suggests otherwise. 
You can also peruse the raw data that I helpfully provided a link to.

Doing a quick time distribution of this data, I get:

Month    /8s seen   Packets
-----    --------   -------
2002-11  29         3671
2002-12  30         3154
2003-01  42         2227
2003-02  35         6003
2003-03  34         1663
2003-04  31         2063
2003-05  39         515
  (note that may is incomplete)


Brian Ford wrote:
> http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-eof-geoff.pdf

This is good work, but it concerns registries, backbones and BGP 
exchanges, where bogon tracking and blocking can be much more 
rewarding.

My intended target audience is the average firewall admin.
Maybe I was unclear in that respect. I have updated the 
online copy to reflect this fact.


Don't get me wrong; researching bogons is interesting. 
- Who's doing it? 
- Why? 
- If they involve two-way communication: how are they doing it?  
But in my experience, it's not something that the average firewall 
admin should be doing, or, indeed, even has anything to gain from.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards