nanog mailing list archives

Re: Is it time to abandon bogon prefix filters?


From: Randy Bush <randy () psg com>
Date: Fri, 15 Aug 2008 06:42:01 -0700

In other words, our earlier estimate of 60% was way off...  you can
get 92.1% effectiveness at bogon filtering by just dropping 1918
addresses, a filter that you will never have to change.
my read is that the 60% was an alleged 60% of attacks came from *all*
bogon space.  this now seems in the low single digit percentage.  of
that, the majority is from 1918 space.
so is there any case to be made for filtering bogons on
upstream/peering ingress at all anymore?

maybe low percent is because it is effective.  maybe not

---

man walks into shrink's office waving open newspaper wildly.

shrink asks "why are you waving the newspaper?"

man replies, "it keeps the elephants away."

shrink says, "elephants?  there aren't any elephants for hundreds of
kilometers."

man replies, "pretty effective, isn't it!"

---

personal guess: i suspect that at least rfc1918 filters are worthwhile
if only because we make mistakes.

randy
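
An added example, not part of the original message: one way to measure, on your own ingress records, what share of bogon-sourced traffic a static RFC 1918 filter alone would drop. The log format, the sample records, and the short list standing in for "other bogon space" are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The static filter from the thread: RFC 1918 private space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: a few other special-purpose IPv4 ranges stand in for the rest
# of bogon space. Unallocated space is left out because it changes over time.
OTHER_BOGONS = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                 "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4")]
SRC_RE = re.compile(r"\bsrc=(\S+)")

# Constructed sample records in a hypothetical format, not real traffic.
SAMPLE_LOG = """\
ingress peer1 src=10.1.2.3 dst=192.0.2.10 proto=udp
ingress peer1 src=192.168.0.44 dst=192.0.2.10 proto=tcp
ingress peer2 src=172.31.255.254 dst=192.0.2.10 proto=icmp
ingress peer2 src=127.0.0.1 dst=192.0.2.10 proto=udp
ingress peer1 src=8.8.8.8 dst=192.0.2.10 proto=udp
ingress peer2 src=172.32.0.1 dst=192.0.2.10 proto=tcp
ingress peer1 src=not-an-ip dst=192.0.2.10 proto=udp
"""

def classify(src):
    """Return 'rfc1918', 'other_bogon', 'routable' or 'unparsed'."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return "unparsed"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if any(addr in net for net in OTHER_BOGONS):
        return "other_bogon"
    return "routable"

def rfc1918_share(log_text):
    """Per-class counts, plus the fraction of bogon-sourced records
    that the RFC 1918 filter alone would have dropped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    bogon = counts["rfc1918"] + counts["other_bogon"]
    return counts, (counts["rfc1918"] / bogon if bogon else 0.0)

if __name__ == "__main__":
    print(rfc1918_share(SAMPLE_LOG))
```

The share only describes traffic that reached the measurement point, so records taken behind an existing bogon filter will understate what that filter is already dropping.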

