nanog mailing list archives
Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
From: Adrian Chadd <adrian () creative net au>
Date: Fri, 2 Mar 2007 12:25:52 +0800
On Thu, Mar 01, 2007, Roland Dobbins wrote:
On Mar 1, 2007, at 1:10 PM, Chris L. Morrow wrote:So... again, are bogon filters 'in the core' useful? (call 'core' some network not yours)Antispoofing is 'static' and therefore brittle in nature, people change jobs, etc. - so, we shouldn't do antispoofing, either? Enterprises typically don't do this stuff. They should, and we work to educate them, but it's even more difficult in that space than in the SP space. A question I have is whether or not this class of problems is more of a 'need the vendors to come up with better/easier functionality' type of problem, a 'need the SPs to do a better job with this' kind of problem, or is it more in the realm of a 'TCP/IP in its current incarnation(s) lends itself these kinds of issues' type of problem?
As stuff like Ironport shows - you'll probably have better market penetration by making a little knob labelled "filter unknown and unallocated IP prefixes (default on)" on a nice shiny firewall appliance/blade and charge the enterprise $150pm to keep this up to date. (Then another for "filter hosts actively involved in hacking attempts" for another $300 pm.) (And, finally, "check active IP(s) that I'm transiting against the various list(s) of botnet and CERT related activities, send SNMP trap when matches are found" for even more.) Adrian
Current thread:
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons, (continued)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Gregory Edigarov (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Peter Thoenen (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Joseph S D Yao (Mar 03)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Sean Donelan (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Adrian Chadd (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Robert E. Seastrom (Mar 02)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 02)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Rob Thomas (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Valdis . Kletnieks (Mar 01)
- Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Steven M. Bellovin (Mar 04)