nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

From: "Jason Frisvold" <xenophage0 () gmail com>
Date: Sun, 4 Mar 2007 15:48:03 -0500

On 3/2/07, Roland Dobbins <rdobbins () cisco com> wrote:

No one has done the digging required to answer any of these
questions, unfortunately.


Can you get a valid answer to this based on the existence of BCP38?
What I mean is, if your upstream is filtering bogons, you can't get a
good read on the amount of "bad" traffic sourcing from "illegal"
addresses.  However, I'm sure it's there.  If we stop filtering
so-called "bad" addresses, I'm sure that the attacks from those
addresses will increase when it's realized that the filters are gone.

I agree with others in that you can't stop looking for old attacks
just because they don't happen much anymore.  But we can improve the
ways we look.  uRPF is definitely a dynamic option, but as I
understood it, there were issues with using it on multi-homed networks
with asynchronous routing.  Granted, it has been some time since I've
looked at uRPF.

I think something like the Cymru bogon route server is great, but I'm
not a very trusting person when it comes to something like that.  I
don't like giving up that level of control.  Of course, at some point,
I suppose have to trust something...

I definitely believe in filtering both bogons and RFC 1918 space, it's
just a management issue that has to be dealt with.


-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice


--
Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com
http://blog.godshell.com
Previous By Date Next
Previous By Thread Next

Current thread: