nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Sean Donelan <sean () donelan com>
Date: Fri, 15 Aug 2008 10:52:15 -0400 (EDT)
On Fri, 15 Aug 2008, Steven M. Bellovin wrote:
> Martians plus 1918 space, I'd say, though that requires knowing which are border interfaces.
Whether you include or exclude rfc1918 addresses is another issue. Whack the martians first :-)
Unfortunately, enough ISPs use rfc1918 addresses on their backbone links that filtering rfc1918 also breaks traceroute (* * *), and people use rfc1918 internally enough that rfc1918 requires more professional thought about configuring those filters.
From an operational perspective, whacking martians has fewer caveats for
amateur network operators or default equipment configuration settings.
> Other than that, I agree 100% -- bogon filters have little security relevance for most sites. Furthermore, as the allocated address space increases, the percentage of actual bogon space decreases and the rate of false positives -- packets that are rejected that shouldn't be -- will increase. Security? Remember that availability is a security issue, too.
Violent agreement.
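The three filter tiers discussed in this message, as an added Python sketch that is not part of the original post. The martian set shown is a common minimal list chosen here as an assumption, the `verdict` function and its `border` flag are hypothetical names, and the "stale bogon" entry is a constructed stand-in for a static unallocated-space list that was never updated.

```python
import ipaddress

def nets(*prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

# Martians: never valid as a source address on any interface. The set is
# defined by RFCs and rarely changes (minimal list, chosen for this example).
MARTIANS = nets("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                "224.0.0.0/4", "240.0.0.0/4")

# RFC 1918: legitimate internally and on some backbone links, so it can
# only be dropped where the interface is known to be a border.
RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed stand-in for a static "unallocated" list frozen in 2008.
# 1.0.0.0/8 was unallocated then and was allocated to APNIC in 2010.
STALE_BOGONS = nets("1.0.0.0/8")

def verdict(src, border, use_stale_bogons=False):
    """Return the filter decision for a packet with source address src."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in MARTIANS):
        return "drop:martian"        # safe everywhere, no interface knowledge
    if border and any(addr in n for n in RFC1918):
        return "drop:rfc1918"        # needs to know which links are borders
    if use_stale_bogons and any(addr in n for n in STALE_BOGONS):
        return "drop:bogon"          # only as correct as the list is fresh
    return "accept"

if __name__ == "__main__":
    # Constructed sample traffic: (source, arrives on border?, stale list on?)
    samples = [
        ("127.0.0.1", True, False),   # martian
        ("10.1.2.3", False, False),   # backbone hop answering traceroute
        ("10.1.2.3", True, False),    # RFC 1918 source at the border
        ("1.1.1.1", True, True),      # allocated space hit by a stale list
        ("1.1.1.1", True, False),     # same packet, martian/1918 tiers only
    ]
    for src, border, stale in samples:
        print(f"{src:<12} border={border!s:<5} stale={stale!s:<5} "
              f"{verdict(src, border, stale)}")
```
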