nanog mailing list archives

Re: Is it time to abandon bogon prefix filters?


From: "Robert E. Seastrom" <rs () seastrom com>
Date: Fri, 15 Aug 2008 11:54:48 -0400


Randy Bush <randy () psg com> writes:

>>> Again, I think bogon filters are a bad idea for unmanaged or
>>> semi-managed routers (or inclusion as a "default" in anything,
>>> i.e. Cisco's auto-secure).
>>
>> You make a very good point about the difference between routers that
>> are being routinely maintained by highly clueful people and routers
>> that are in the field and untouched/unloved for months to years at a
>> time.
>
> in the field != untouched/unloved

That's why I used the conjunction "and".

> i contend that all one's routers should be rigorously configured as
> programmatically as possible.

Not sure what you mean by this, but the painful reality is that most
stuff, once deployed, gets promptly forgotten about, much the same as
you might ignore a wall wart power supply under your desk until it
started smelling funny or stopped delivering electricity.  Thus, I
contend that one's routers should be configured to avoid ticking time
bombs.  As smb so eloquently just asserted, "availability is a
security issue too".

-r



