nanog mailing list archives

Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]


From: Michael.Dillon () btradianz com
Date: Fri, 10 Nov 2006 13:24:58 +0000


If there were some way to have a feed of real bogons,
i.e. address prefixes that are *KNOWN* to be bogus at
the point in time they are in the feed, that would be
useful for filtering. And it would likely be a best practice
to use such a feed.

But at the present time, such a feed does not exist.

http://www.cymru.com/BGP/bogon-rs.html

That is not a feed of routes that are known to be bogus.
That is a feed of routes that use addresses which have 
not been allocated by IANA to an RIR. There are many 
bogus routes that are not included in the Cymru feed.

For instance,
RIR address ranges that have not yet been allocated
ISP address ranges that have not yet been assigned
Assigned address ranges that are not announced by the assignee.
Address ranges from which a high percentage of the traffic is SPAM,
  i.e. a network owned by spammers.

I am arguing that it is better to start with a database
that allows several attributes, both negative and positive,
to be associated with address ranges. Then build a feed
from that, in fact, allow the user to specify which attributes
they want in their feed. One size fits all just doesn't work.

--Michael Dillon
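
Added example, not part of the original message or of any existing feed: a minimal Python sketch of the attribute database proposed above, with a feed built from whichever attributes the user selects. The attribute names, the sample prefixes (documentation ranges) and the build_feed helper are all constructed for illustration.

```python
import ipaddress

# Constructed sample records: (prefix, attributes). The attribute names are
# hypothetical labels for the categories listed in the message; the prefixes
# are documentation ranges, not real bogons.
RECORDS = [
    ("192.0.2.0/25",     {"iana-unallocated"}),
    ("192.0.2.128/25",   {"rir-unallocated"}),
    ("198.51.100.0/24",  {"isp-unassigned"}),
    ("203.0.113.0/25",   {"assigned", "unannounced"}),
    ("203.0.113.128/26", {"assigned", "announced", "spam-source"}),
    ("203.0.113.192/26", {"assigned", "announced"}),
    ("2001:db8::/32",    {"isp-unassigned"}),
]

def build_feed(records, want, unless=()):
    """Return aggregated prefixes carrying any attribute in `want`
    and none of the attributes in `unless` (a veto list)."""
    want, unless = set(want), set(unless)
    by_version = {4: [], 6: []}
    for prefix, attrs in records:
        if attrs & want and not attrs & unless:
            # ip_network() raises ValueError if host bits are set,
            # so a malformed record fails loudly instead of being filtered on.
            net = ipaddress.ip_network(prefix)
            by_version[net.version].append(net)
    feed = []
    for nets in by_version.values():
        # collapse_addresses() cannot mix IPv4 and IPv6, hence the grouping.
        feed += [str(n) for n in ipaddress.collapse_addresses(nets)]
    return feed

if __name__ == "__main__":
    # A feed limited to space IANA has not handed to an RIR.
    print(build_feed(RECORDS, {"iana-unallocated"}))
    # A wider feed: adjacent prefixes with different reasons merge into one.
    print(build_feed(RECORDS, {"iana-unallocated", "rir-unallocated",
                               "isp-unassigned"}))
    # Negative attributes vetoed by a positive one.
    print(build_feed(RECORDS, {"unannounced", "spam-source"},
                     unless={"announced"}))
```

Aggregation discards the per-prefix reason, so a consumer who needs to know why a range was filtered should keep the unaggregated records alongside the feed.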


