nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Sean Donelan <sean () donelan com>
Date: Thu, 21 Aug 2008 20:18:37 -0400 (EDT)
On Mon, 18 Aug 2008, Danny McPherson wrote:
All the interesting attacks today that employ spoofing (and the majority of the less-interesting ones that employ spoofing) are usually relying on existence of the source as part of the attack vector (e.g., DNS cache poisoning, BGP TCP RST attacks, DNS reflective amplification attacks, etc..), and as a result, loose mode gives folks a false sense of protection/action.
Yep. Same thing with bogon filters. Any attacker which can source packets with bogon addresses can, by definition, source packets with any "valid" IP address too. Great as an academic exercise, but the bad guys are going to send evil packets without the evil bit nor using bogon addresses. If the bad guys are using spoofed addresses, they don't care about the reply packets to either valid or unallocated addresses.
However, seeing packets with unallocated IP addresses on the Internet is evidence of a broken network. Just like when a network trips "max prefix" on a BGP session, shouldn't a broken network be shut down until the problem is fixed? If you don't want to risk your network peers turning off the connections, make sure your network doesn't source spoofed packets.
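The distinction the post draws, bogon-sourced packets arriving from a peer as evidence of a broken network versus your own egress carrying sources you do not own, can be checked against sampled flow records. The following is an added example, not code from the thread or from any NANOG participant; the bogon list, the "our prefixes" list and the flow records are all constructed, and the classify/audit functions are hypothetical names.

```python
import ipaddress
from collections import Counter

# Constructed, abbreviated bogon list (RFC 1918, loopback, link-local, two
# documentation ranges, class D/E). A real filter must track a maintained,
# current list, since unallocated space shrinks as RIRs hand out blocks.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "203.0.113.0/24",
    "224.0.0.0/3",
)]

# Constructed: the only prefix this hypothetical network may originate
# (198.51.100.0/24 is a documentation range, used here as a stand-in).
OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

def in_any(addr, networks):
    """True if addr falls inside any network in the list."""
    return any(addr in net for net in networks)

def classify(direction, src):
    """Label one sampled packet by source; direction is "in" (from a peer)
    or "out" (toward a peer)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"  # garbage in the flow export, not a verdict
    if direction == "out" and not in_any(addr, OUR_PREFIXES):
        # Our egress carrying a source we do not own: exactly what a
        # BCP38-style egress filter should have dropped before a peer saw it.
        return "spoofed_egress"
    if direction == "in" and in_any(addr, BOGONS):
        # Bogon-sourced traffic from a peer: evidence that their network is
        # broken, the condition the post says deserves shutdown-until-fixed.
        return "bogon_ingress"
    return "ok"

def audit(records):
    """Count verdicts over an iterable of (direction, src) tuples."""
    return Counter(classify(d, s) for d, s in records)

# Constructed sample flow records (direction, source address).
SAMPLE = [
    ("in", "10.1.2.3"), ("in", "172.32.0.1"), ("in", "192.0.2.9"),
    ("out", "198.51.100.7"), ("out", "203.0.113.4"), ("out", "not-an-ip"),
]
```

Running `audit(SAMPLE)` separates the two findings so that a spike in `spoofed_egress` points at your own filters, while `bogon_ingress` points at the peer that sent it.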