nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Rob Thomas <robt () cymru com>
Date: Wed, 06 Aug 2008 13:36:39 -0500
Hi, Skywing.We've had a few DDoS attacks and lots of scans and hack attempts. Some of the DDoS attacks managed to wipe out our front-end. At no point were the route-servers impacted, since we keep them well away from our networks, widely distributed, and vigorously monitored (configs, responsiveness, advertisements).
Of course we're not perfect and there is no 100% solution, but we understand the implications of filtering gone awry (especially since we use it ourselves), and spend a lot of time and code keeping an eye on these things. Knowing that no one has a monopoly on imagination, we also have some friends at commercial pen-testers hit us regularly, just to be sure. :)
Thanks, Rob. -- Rob Thomas Team Cymru http://www.team-cymru.org/ cmn_err(CEO_PANIC, "Out of coffee!");
Current thread:
- RE: Is it time to abandon bogon prefix filters? Skywing (Aug 06)
- RE: Is it time to abandon bogon prefix filters? Darden, Patrick S. (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Rob Thomas (Aug 06)
- Re: Is it time to abandon bogon prefix filters? Sam Stickland (Aug 06)
- <Possible follow-ups>
- Re: Is it time to abandon bogon prefix filters? Eric Jensen (Aug 18)