nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Rob Thomas <robt () cymru com>
Date: Thu, 07 Aug 2008 16:38:47 -0500
Hi, NANOG (he says with a shout)!
> btw, patrick neglected the last sentences of that paragraph, which made me wonder what rob would actually say. luckily, in response to my post, rob replied that he/they would try to get some useful measures in the near term. i am patient.
Yep yep, have some results at last. Sorry, the queries took a bit longer than planned.
Note that the study I conducted which populated the "60 Days of Basic Naughtiness" presentation is now years old. Such studies, like me, don't necessarily age well. :)
This is not meant to replace a more comprehensive and clueful study by the likes of Vern, Stefan, and the CAIDA crew. As folks may know we have a large Darknet[1] project. In there we collect the scanning activity of malware, backscatter, and the like. Often we can tie the scanning pattern to a family of malware or maltool.
If the source of a scan or probe is a bogon, we tag it that way in our data store. I went back to 2008-01 and found the following percentages of bogons in our data:
2008-01: 0.001095262%
2008-02: 0.001759343%
2008-03: 0.001619555%
2008-04: 0.001433908%
2008-05: 0.001182351%
2008-06: 0.130534559%
2008-07: 0.002327683%
2008-08: 0.001258054% (thus far)

That's not a lot of bogon activity in the Darknets, though Darknets are only one measure of malevolent traffic. Your mileage may vary, etc.
[1] <http://www.team-cymru.org/Services/darknets.html>

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
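
An added illustration of the measure described in the message above (tag each darknet hit whose source is a bogon, then report the monthly share); it is not Team Cymru's code and not part of the original post. The bogon list is an assumed small subset of special-purpose ranges, the hit records are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Assumption: a short special-purpose subset standing in for a full bogon
# list. A real list also carries unallocated space and has to be refreshed
# as allocations change.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed sample darknet hits: (ISO date, source address as logged).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges used here as
# stand-ins for routable sources, so they are deliberately left off BOGONS.
SAMPLE_HITS = [
    ("2008-06-03", "10.1.2.3"),
    ("2008-06-03", "198.51.100.7"),
    ("2008-06-14", "203.0.113.9"),
    ("2008-06-29", "198.51.100.200"),
    ("2008-07-01", "203.0.113.44"),
    ("2008-07-02", "not-an-address"),
    ("2008-07-09", "198.51.100.12"),
]


def is_bogon(src):
    """True if the source address falls inside any listed bogon prefix."""
    addr = ipaddress.ip_address(src)  # raises ValueError on garbage input
    return any(addr in net for net in BOGONS)


def monthly_bogon_percent(hits):
    """Map YYYY-MM to the percentage of hits with a bogon source."""
    total, tagged = defaultdict(int), defaultdict(int)
    for date, src in hits:
        try:
            bogon = is_bogon(src)
        except ValueError:
            continue  # unparsable source field: left out of both counts
        month = date[:7]
        total[month] += 1
        tagged[month] += bogon
    return {m: 100.0 * tagged[m] / total[m] for m in sorted(total)}


if __name__ == "__main__":
    for month, pct in monthly_bogon_percent(SAMPLE_HITS).items():
        print(f"{month}: {pct:.9f}%")
```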