nanog mailing list archives
RE: Is it time to abandon bogon prefix filters?
From: "Darden, Patrick S." <darden () armc org>
Date: Wed, 6 Aug 2008 13:32:42 -0400
1. DOS of Cymru (as noted below). 2. False Positives. Your network is suddenly stranded. Maybe on purpose. (DOS of a network, e.g. China or Youtube). 3. False Negatives. A bogus network is suddenly centrally rubber-stamped. Could happen. We've seen a lot of shenanigans with the domain registrars--similar issues could happen here. . . I guess I am just trying to say that a centralized trusted repository brings with it a chance for a single point of failure. Could be the pros outweigh the cons. There are issues with a de-centralized system as well (which is what brought this conversation about.) Nothing specific to Cymru. --Patrick Darden -----Original Message----- From: Skywing [mailto:Skywing () valhallalegends com] Sent: Wednesday, August 06, 2008 1:25 PM To: Patrick W. Gilmore; NANOG list Subject: RE: Is it time to abandon bogon prefix filters? Then again, it does make Team Cymru an attractive target for DoS or even compromise if they can control routing policy to a degree for a large number of disparate networks. Especially if it gets in the way of for-profit spammers. (Not trying to knock them, just providing a for consideration. I would certainly hope and expect that Team Cymru would do their due dilligance in that respect, but it seems like an attractive central point of failure to attack to me.) - S
Current thread:
- RE: Is it time to abandon bogon prefix filters? Skywing (Aug 06)
- RE: Is it time to abandon bogon prefix filters? Darden, Patrick S. (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Rob Thomas (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Sam Stickland (Aug 06)
- <Possible follow-ups>
- Re: Is it time to abandon bogon prefix filters? Eric Jensen (Aug 18)