nanog mailing list archives

Re: Best way to get of Bogon list?


From: Jon Lewis <jlewis () lewis org>
Date: Fri, 26 Nov 2004 00:32:19 -0500 (EST)


On Fri, 26 Nov 2004 alex () pilosoft com wrote:

> Can someone identify the *benefits* of using bogon lists for unallocated
> space? It appears that it only hurts connectivity, but does not help in
> any significant way to enhance security.

It makes people feel like they're more secure.  It may cut down slightly
on junk traffic entering their networks, but I suspect that's an
insignificantly small amount / benefit.

> Possibly, whoever are the vendors of software that recommends this
> practice (and authors of security handbooks) should be shown the error of
> their ways?

Unfortunately, there are many sources that advocate/demonstrate how to do
these filters, some of which still have their examples out of date wrt
current IANA assignments.  The problem isn't so much the idea, but the
implementation.  Static unmaintained filters are pretty much guaranteed to
become a problem at some point.

And yeah, if nobody could spoof, and everyone filtered customer BGP
announcements, there'd be no need at all (not that there really is one
now) for these filters.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
