nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Danny McPherson <danny () tcb net>
Date: Thu, 14 Aug 2008 22:55:17 -0600
On Aug 6, 2008, at 12:01 PM, Sean Donelan wrote:
Attacks or misconfigured leaks?Leaks of RFC1918 stuff is pretty common, just ask any of the root server operators how many packets they see from RFC1918 leaking networks or do atraceroute across several residential cable network backbones.Attacks aren't as common because there is enough (not 100%) anti- spoofing (good) and/or bogon-filters (not as good) in different parts of the Internet it requires more thought to launch a spoofed DDOS than it does just to use tens of thousands of non-spoofed bots to launch a DDOS.Arbor Networks has some data.
I shared some data on bogon source appearances in *observed* attacks in another email. Orthogonal of that, here's the current Infrastructure Security Survey (again: see below for participation information, if so inclined) totals for questions related to BCP 38 and uRPF application among respondents. A pointer to a complete set of data across ~70 ISPs from last years survey is provided below. (Note: it's my opinion that one should assume at least a slightly more clue-dense respondent base than the larger network operator pool - i.e., the actual BCP 38/uRPF numbers are likely lower, and you're more clueful if you complete the survey :-) -danny ----- Self-classified respondent network type (approaching 50 responses): Tier 1: 13.33% Tier 2: 28.89% Pure Content Network: 11.11% Hosting Provider: 8.89% Education or Academic Network: 13.33% Enterprise or Hybrid Network: 2.22% Other: 22.22% ---Do you employ strict uRPF or BCP 38 on the dedicated customer edge of your network?
Yes: 51.11% No: 33.33% Other: 15.56% ---Do you employ strict uRPF or BCP 38 style filters on the broadband edge of your network?
Yes: 40.00% No: 33.33% Other: 26.67% ---Do you employ uRPF or BCP 38 style filters on the peering edge of your network?
Yes: 46.67% No: 46.67% Other: 6.67% ---------------------------- [snip] Folks, The 2008 Infrastructure Security Survey is up and available for input. You can register to complete the survey at this URL: <https://www.tcb.net/survey/index.php?sid=19672&lang=en> I've added many questions this time from past participants of the survey, this should be evidenced throughout. Thanks to all those that reviewed and provided questions explicitly for this edition. The survey response window will be ~2 weeks. We hope to make the results available by the end of September at the latest. Also, please recall that NO personally (or organizationally) identifiable information will be shared in any manner. The 2007 edition of the survey is available here: <http://www.tcb.net/wisp07.pdf> Or on the Arbor web site (reg required): <http://www.arbornetworks.com/report> Thanks in advance for your participation! -danny
Current thread:
- RE: was bogon filters, now "Brief Segue on 1918", (continued)
- RE: was bogon filters, now "Brief Segue on 1918" TJ (Aug 12)
- Re: was bogon filters, now "Brief Segue on 1918" Jay R. Ashworth (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Rob Thomas (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Patrick W. Gilmore (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Rob Thomas (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Justin Shore (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Rob Evans (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Justin Shore (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Danny McPherson (Aug 14)
- Re: Is it time to abandon bogon prefix filters? Andree Toonk (Aug 14)
- Re: Is it time to abandon bogon prefix filters? Danny McPherson (Aug 14)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 14)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Marshall Eubanks (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)