nanog mailing list archives
Re: Bogon filtering (don't ban me)
From: Jørgen Hovland <jorgen () hovland cx>
Date: Sun, 5 Dec 2004 20:57:06 +0100 (CET)
On Sun, 5 Dec 2004, Rob Thomas wrote:

> Hi, NANOGers.

Hello,

> ] - That's only some 40% of all address space, so you need to be able to
> ] deal with the other 60% anyway. Why wouldn't whatever mechanism that
> ] deals with the 60% be unable to deal with the additional 40%?
>
> In a study of one oft' scanned and attacked site, we found that 66.85%
> of the source IPs were bogon (RFC1918, unallocated, etc.). You can read
> about it at the following URL:
>
> <http://www.cymru.com/Presentations/60days.ppt>
>
> Filtering out bogons removes yet one more potential source of badness.
> Does it remove all badness? Of course not. We win by degrees. Removing
> any tool from the bad persons' toolkit is useful.

Does it really? When I perform any type of change the most important thing for me isn't what it will prevent/help for but the opposite; what it will not prevent/help.

Blocking bogons will result in that attackers use existing netblocks instead. This will again result in more insecureness since any attack will have source addresses within valid space and some people will find it harder to determine the real sources, at least in the beginning. So any type of bogon filter like that seems to me a total waste of time. It does not really prevent anything in the long run.

You may have taken the can-opener away from this bad person, but you don't really need a can-opener to open the beer anyway... Correct me if I'm wrong.

Joergen Hovland ENK