nanog mailing list archives

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

From: "Robert E. Seastrom" <rs () seastrom com>
Date: Fri, 02 Mar 2007 07:12:32 -0500



Roland Dobbins <rdobbins () cisco com> writes:

On Mar 1, 2007, at 1:10 PM, Chris L. Morrow wrote:

So... again, are bogon filters 'in the core' useful? (call 'core' some
network not yours)


Antispoofing is 'static' and therefore brittle in nature, people
change jobs, etc. - so, we shouldn't do antispoofing, either?


Unicast RPF is neither static nor brittle, and we should do it.

I agree with smb though in somewhat less diplomatic terms - bogon
filtering by end sites is the sort of thing that is recommended by
"experts" for whom "security" is an end in and of itself, rather than
a component of the arsenal you bring forth (backups, DR, spares,
multihoming, etc) to improve uptime and business availability and
decrease potential risk.

For people who recommend cures that are as bad as the disease, we
recommend one of these: http://despair.com/consulting.html

                                        ---Rob

Current thread:

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons, (continued)
- - - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Gregory Edigarov (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Peter Thoenen (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Joseph S D Yao (Mar 03)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Jon Lewis (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Sean Donelan (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Adrian Chadd (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Robert E. Seastrom (Mar 02)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 02)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Rob Thomas (Mar 01)
  - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Chris L. Morrow (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Roland Dobbins (Mar 01)
  - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Steven M. Bellovin (Mar 01)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Valdis . Kletnieks (Mar 01)
  - RE: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Barry Greene (bgreene) (Mar 04)
    - Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons Steven M. Bellovin (Mar 04)