nanog mailing list archives
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
From: joshua sahala <jejs () sahala org>
Date: Thu, 20 Jan 2005 13:39:47 -0500
On (20/01/05 13:20), Chris A. Epler wrote:
Whats so bad about decent secure defaults?
secure defaults are good...but there are other aspects of cisco ios which would be better suited to be disabled out of the box: redirects, proxy arp, tcp/udp small-servers, the lack of decent ssh (this is getting better), lack of receive acls on all but the big boxen, etc...these are a few things which would be better to have out of the box.
If you're implementing a new router and setting up Bogon filters you should already know that they'll need to be updated regularly
read the beginning of this thread - people implement bogon filters without keeping them up to date already. this is just another mechanism to do the same thing (but on a larger scale).
If you don't know this, then you shouldn't be in charge of said router. Am I missing something here???
in an ideal world, yes, this would be true; however we all know the reality of this. there are already secure config templates available which people follow without actually knowing the implications of. one more 'feature' in ios will go unnoticed by most, and thus will be left out of date...that was, i believe, jared's point. /joshua -- **** THIS .sig CENSORSED ****
Current thread:
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19, (continued)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 David Barak (Jan 19)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Suresh Ramasubramanian (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Jared Mauch (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Suresh Ramasubramanian (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Jared Mauch (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Suresh Ramasubramanian (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Jared Mauch (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Chris A. Epler (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 David Barak (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Rob Evans (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 joshua sahala (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Valdis . Kletnieks (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Will Hargrave (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Rob Thomas (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Charles R. Anderson (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Valdis . Kletnieks (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Suresh Ramasubramanian (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Bill Stewart (Jan 21)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Vicky Rode (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 David Barak (Jan 20)
- Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19 Joe Maimon (Jan 20)