nanog mailing list archives
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
From: Curtis Doty <Curtis () GreenKey net>
Date: Thu, 20 Jan 2005 08:38:28 -0800 (PST)
11:02am Daniel Golding said:
Is there an RFC or other standards document that clearly states that static bogon filter lists are a bad idea? While this seems like common sense, there
Since this keeps coming up, I'll toss my quick and dirty reminder cronjob into the discussion. I cannot imagine any other way of managing the static bogons published on the Team Cymru web site. (For those of us who don't need to run their many other dynamic options.) Copying a static config wholesale is a classic case of myopic thinking.

    $ cat /etc/cron.monthly/ckbogons.sh
    #!/bin/bash

    bnagg=http://www.cymru.com/Documents/bogon-bn-agg.txt

    # make a new bogon list from the web
    newbog=`mktemp` || exit 1
    wget -qO- $bnagg |awk '{print "any net " $1 "\treject"}' >$newbog

    # get current list from our static-route config
    oldbog=`sed -ne '/^any.*reject$/,/^$/p' /etc/sysconfig/static-routes`

    # compare
    #echo "$oldbog" |cdiff - $newbog
    echo "$oldbog" |diff -uw - $newbog

    rm -f $newbog

Obviously it's for a Linux edge using Red Hat style initscripts. But the basic gist is sound; alert the admin whenever we are out of sync. And an expect script could easily be whipped up for monitoring IOS/whatever other static bogons one has installed.

Admins who choose the *static* bogon list should use this technique of self-control.

../C
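The drift check described above, extended to report which direction the drift goes and which installed entries cover a given prefix (here the 72.14.128.0/19 from the subject line). This is an added example, not part of the original post: the function names and the sample prefix lists are constructed for illustration, and the static-routes line format is taken from the awk output in the script above.

```sh
#!/bin/sh
# Added example, not from the original post; all sample data is constructed.
export LC_ALL=C  # same collation for sort and comm

# Prefixes from Red Hat style "any net PREFIX reject" static-route lines.
installed_prefixes() {
    awk '$1 == "any" && $2 == "net" && $NF == "reject" { print $3 }' "$1"
}

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# covers NET/LEN SUB/LEN: succeeds when the first prefix contains the second.
covers() {
    net=${1%/*}; len=${1#*/}; sub=${2%/*}; sublen=${2#*/}
    [ "$sublen" -ge "$len" ] || return 1
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$sub") & mask )) ]
}

# drift stale|missing STATIC_ROUTES PUBLISHED
drift() {
    a=$(mktemp) && b=$(mktemp) || return 1
    installed_prefixes "$2" | sort -u >"$a"
    sort -u "$3" >"$b"
    case $1 in
        stale)   comm -23 "$a" "$b" ;;  # rejected locally, no longer published
        missing) comm -13 "$a" "$b" ;;  # published as bogon, not installed
    esac
    rm -f "$a" "$b"
}

# blocking_entries STATIC_ROUTES PREFIX: installed entries covering PREFIX.
blocking_entries() {
    installed_prefixes "$1" | while read -r entry; do
        if covers "$entry" "$2"; then echo "$entry"; fi
    done
}

write_sample() {  # constructed sample lists, written into directory $1
    printf 'any net %s\treject\n' 0.0.0.0/8 10.0.0.0/8 72.0.0.0/5 >"$1/static-routes"
    printf '%s\n' 0.0.0.0/8 10.0.0.0/8 74.0.0.0/7 >"$1/published.txt"
}
dir=$(mktemp -d) && write_sample "$dir"
echo "stale:    $(drift stale "$dir/static-routes" "$dir/published.txt")"
echo "blocking: $(blocking_entries "$dir/static-routes" 72.14.128.0/19)"
rm -rf "$dir"
```

A non-empty "stale" result is the case this thread is about: the local list still rejects space that the published list no longer treats as bogon.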