nanog mailing list archives
Re: Bogon filtering
From: Patrick W Gilmore <patrick () ianai net>
Date: Fri, 3 Dec 2004 15:04:15 -0500
On Dec 3, 2004, at 1:36 PM, Rob Thomas wrote:
] In a sense, Rob is a hacker who has installed his ] rootkit into the IANA/RIR system. He was only able ] to do so because the IANA and RIRs were not paying ] enough attention to their interfaces, thus creating ] a grey area which Cymru is filling. Wow! I've at last achieved mad leet status. Thanks. :)
You were that WAAAAAY long ago!And with all due respect to Michael (hi, Michael, long time no type :), you are neither a hacker nor a threat.
First: The Internet runs on trust. We Trust Team Cymru.Secondly (especially for those who are .. uh .. uninitiated enough to trust team Cymru), it is much easier to protect our trust in the bogon filter than, say, large peers. Everyone talks about registering routes, but how many people actually do it? Not enough. So, people peer at their borders and allow 10s or even 100s of outside ASes "control" their routing.
With the bogon filters, one can take today's snapshot, create a filter list and apply. As bogons go away (CIDRs get allocated), the BGP feed will still work. But if Cymru "messes up" and slips a full feed into the bogon feed, nothing bad will happen. (In fact, you might want to put a sample cisco & Juniper ACL from today's feed on the web site - just a suggestion, I'm sure most people here can do it themselves.)
Also, I _LIKE_ getting the information through BGP. The Border Gateway Protocol was specifically designed to allow separate (autonomous) entities to pass routing data. That is _exactly_ what we are doing with the bogon feed.
Just my $0.00002. (And I won't even ask not to be banned. :) -- TTFN, patrick
Current thread:
- Bogon filtering (don't ban me) J. Oquendo (Dec 02)
- Re: Bogon filtering (don't ban me) william(at)elan.net (Dec 02)
- Re: Bogon filtering (don't ban me) Hank Nussbacher (Dec 02)
- Re: Bogon filtering (don't ban me) Jeroen Massar (Dec 03)
- Re: Bogon filtering (don't ban me) Jon Lewis (Dec 03)
- Re: Bogon filtering (don't ban me either) Jerry Pasker (Dec 03)
- Re: Bogon filtering (don't ban me) Hank Nussbacher (Dec 02)
- Re: Bogon filtering (don't ban me) william(at)elan.net (Dec 02)
- Re: Bogon filtering (don't ban me) Christopher L. Morrow (Dec 02)
- Re: Bogon filtering Jeroen Massar (Dec 03)
- Re: Bogon filtering Michael . Dillon (Dec 03)
- Re: Bogon filtering Rob Thomas (Dec 03)
- Re: Bogon filtering Patrick W Gilmore (Dec 03)
- Re: Bogon filtering Michael . Dillon (Dec 03)
- <Possible follow-ups>
- RE: Bogon filtering (don't ban me) Mark Segal (Dec 03)
- IBM --- Bogon filtering Majid Farid (Dec 03)
- RE: Bogon filtering (don't ban me) Hank Nussbacher (Dec 04)
- RE: Bogon filtering (don't ban me) Rob Thomas (Dec 04)
- Re: Bogon filtering (don't ban me) Cliff Albert (Dec 05)
- Re: Bogon filtering (don't ban me) Joe Abley (Dec 05)
- Re: Bogon filtering (don't ban me) Cliff Albert (Dec 05)
- Re: Bogon filtering (don't ban me) Ian Dickinson (Dec 05)
- Re: Bogon filtering (don't ban me) william(at)elan.net (Dec 05)