nanog mailing list archives

Re: [c-nsp] [Re: huge amount of weird traffic on point-to-point ethernet link]


From: Stephen Wilcox <steve () telecomplete co uk>
Date: Fri, 10 Nov 2006 13:50:28 +0000


On Fri, Nov 10, 2006 at 12:54:28PM +0000, Michael.Dillon () btradianz com wrote:

> > > The craziest stuff that gets announced isn't in the
> > > reserved/unallocated realm anyway so the effort seems to be
> > > disproportional to the benefits... and most issues I read about with
> > > reserved space is packets coming FROM them not TO them....
> >
> > Steve's 100% spot-on here.  I don't have bogon filters at all and it
> > hasn't hurt me in the least.  I think the notion that this is somehow
> > a good practice needs to be quashed.
>
> I think there is a terminology problem here. People think
> that "bogons" means "bogus routes". From that they infer
> that bogus routes should be filtered and use the Cymru feed
> because it seems to be a no-brainer.
>
> The problem arises because the Cymru feed only contains
> the low-hanging fruit. It only refers to address ranges
> that *might* be bogus and which are easy to identify.
> The problem is that if you pick this fruit, it soon goes
> rotten and you end up filtering address ranges which are
> in use and almost certainly not bogus.
>
> If there were some way to have a feed of real bogons,
> i.e. address prefixes that are *KNOWN* to be bogus at
> the point in time they are in the feed, that would be
> useful for filtering. And it would likely be a best practice
> to use such a feed.
>
> But at the present time, such a feed does not exist.
>
> Also, I think that anyone contemplating creating a new
> feed should give some thought to what they are doing.
> It would be very useful to have a feed or database which
> can assign various attributes to address ranges. When there
> is only one possible attribute, bogon, then the meaning
> of the attribute gets stretched and the feed becomes useless.
> But if there are many attributes such as
> UNALLOCATED, UNASSIGNED, DOS-SOURCE, SPAM-SOURCE,
> RIR-REGISTERED then it starts to look interesting.
> Some networks might like to filter based on several
> attributes, others will just filter those with the
> DOS-SOURCE attribute.

how about PORN-SOURCE, COMMUNIST-SOURCE, DEMOCRACY-SOURCE, TERRORIST-SOURCE, RIGHT-WING-CHRISTIAN-SOURCE, 
COURT-ISSUED-LIBEL-CASE-SOURCE

be careful before you open such a Pandora's box...

will this scale?

who will want to use it?

can it be exploited?

what sort of liability do you take on by becoming responsible for policing the Internet?

Steve
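The two mechanisms argued over in this message, a prefix feed whose entries carry several attributes so that each network filters only on the ones it cares about, and the requirement that an entry be "known to be bogus at the point in time it is in the feed" so that picked fruit does not go rotten, as an added example written for this archive page. It is not code from the thread, from Team Cymru or from any real feed: the prefixes are RFC 5737 documentation ranges, the attribute names are the ones proposed above, and the timestamps, the two policies, the seven-day freshness window and the function names are all assumptions made for the illustration. It uses only Python's standard ipaddress and datetime modules.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed for this example: (prefix, attributes, time the
# entry was last confirmed by the feed operator). Documentation ranges only;
# none of this is real feed data.
SAMPLE_FEED = [
    ("192.0.2.0/24",      {"UNASSIGNED"},                "2006-11-10T00:00:00Z"),
    ("198.51.100.0/24",   {"DOS-SOURCE", "SPAM-SOURCE"}, "2006-11-10T00:00:00Z"),
    # More specific entry inside the one above: assume this /25 has since been
    # registered and cleaned up, so the longest-prefix match must win for it.
    ("198.51.100.128/25", {"RIR-REGISTERED"},            "2006-11-10T00:00:00Z"),
    # Old entry nobody has re-confirmed: the "picked fruit goes rotten" case.
    ("203.0.113.0/24",    {"UNALLOCATED"},               "2005-01-01T00:00:00Z"),
]

# Wall-clock "now" for the example, pinned so the results are reproducible.
NOW = datetime(2006, 11, 10, 13, 50, 28, tzinfo=timezone.utc)
DEFAULT_MAX_AGE = timedelta(days=7)      # assumed freshness window
NO_EXPIRY = timedelta(days=36500)        # "trust the feed forever" for comparison

# Two example policies: one network drops unallocated/unassigned space as well,
# another only acts on confirmed attack sources.
POLICY_STRICT = frozenset({"UNALLOCATED", "UNASSIGNED", "DOS-SOURCE"})
POLICY_DOS_ONLY = frozenset({"DOS-SOURCE"})


def parse_feed(entries):
    """Validate feed entries and order them most-specific first."""
    feed = []
    for prefix, attrs, seen in entries:
        # strict=True rejects entries with host bits set, e.g. 192.0.2.1/24,
        # instead of silently widening them to the whole /24.
        net = ipaddress.ip_network(prefix, strict=True)
        ts = datetime.strptime(seen, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        feed.append((net, frozenset(attrs), ts))
    feed.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return feed


FEED = parse_feed(SAMPLE_FEED)


def lookup(feed, addr, now=NOW, max_age=DEFAULT_MAX_AGE):
    """Return the attributes of the longest matching fresh prefix.

    An entry older than max_age is skipped as if it were not in the feed at
    all: a stale "bogus" claim must fail open, otherwise the filter ends up
    dropping traffic from space that has been allocated since the entry was
    written. Returns an empty set when nothing fresh matches.
    """
    ip = ipaddress.ip_address(addr)
    for net, attrs, seen in feed:
        if ip.version != net.version or ip not in net:
            continue
        if now - seen > max_age:
            continue
        return attrs
    return frozenset()


def should_drop(feed, src, policy, now=NOW, max_age=DEFAULT_MAX_AGE):
    """Drop only if the source carries an attribute the local policy acts on."""
    return bool(lookup(feed, src, now, max_age) & policy)


if __name__ == "__main__":
    cases = ["198.51.100.7", "198.51.100.200", "192.0.2.5", "203.0.113.9", "8.8.8.8"]
    for src in cases:
        print(src, "attrs:", sorted(lookup(FEED, src)),
              "strict:", should_drop(FEED, src, POLICY_STRICT),
              "dos-only:", should_drop(FEED, src, POLICY_DOS_ONLY),
              "strict/no-expiry:", should_drop(FEED, src, POLICY_STRICT, max_age=NO_EXPIRY))
```

The two policies share one feed and differ only in which attributes they act on, which is the point of tagging entries rather than publishing a single "bogon" list; the freshness check is what keeps the stale 203.0.113.0/24 entry from being enforced unless an operator explicitly opts into NO_EXPIRY. This only models the policy decision; on a router the same data would be pushed into a prefix list or ACL, and the expiry would have to be applied when that list is regenerated.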

