nanog mailing list archives

Re: Checking bogon status of new address space


From: "Robert E. Seastrom" <rs () seastrom com>
Date: Tue, 12 May 2009 07:54:49 -0400


James Hess <mysidia () gmail com> writes:

29/256 = 11% of the available address space.  My argument is, if
someone is scanning you from random source addresses blocking 10%
of the scan traffic is reaching a point of very little return for
the effort of updating the address lists, and as we all know it is
getting smaller and smaller.

Granted, if the filters aren't updated very frequently, they're pretty bad.

That's the usual state of affairs, unfortunately.

But.. I would suggest, basically, filtering bogons is still great and
pretty important, it serves as an ongoing deterrent against random
unruly networks trying to pick up the unassigned addresses, or
treating the space as "Up for grabs" just because some space happens
to be unannounced (and unassigned).

Gotta agree with Leo here.  We can't even get people to implement
BCP-38, which is nine years old for crying out loud.  The deployment
level at which bogon filtering is a deterrent to squatting is quite a
bit higher than the point at which it becomes an issue to legitimate
users.

I've considered static bogon filters to be a Worst Current Practice
for years.  If you feel you absolutely must engage in the practice, use
a dynamic feed like Cymru's, but honestly, just let it go.

-r









