nanog mailing list archives

Re: dealing with bogon spam ?


From: Jeroen Massar <jeroen () unfix org>
Date: Wed, 28 Oct 2009 19:59:15 +0100

Leslie wrote:
> John Kristoff wrote:
>> I suppose if there is interest and a need we could do this.  Shoot
>> myself or the team (info () cymru com)  a note off list if you have
>> thoughts on the matter or simply want to provide some feedback into
>> such a service and how it might best be used.  We're always on the look
>> out for things we can do to help.
>
> My big issue isn't the larger blocks, it's the smaller unallocated
> blocks - which anyone with a not-too-strict transit provider could
> easily steal and abuse.  Getting the allocated space is just another way
> of finding the smaller unallocated blocks (with a bit of extra work)

The problem though with BGP is that when you have say a NonAllocatedFeed
containing 10.0.0.0/8 then when somebody else announces 10.1.2.0/24 (or
any other more specific) it will perfectly work. Unless you are able to
pull off some tricks in hardware based routers (software based ones you
can of course modify to do whatever you want but might not be the right
thing to run in some scenarios).

As such, pulling the delegated files and generating prefix filters
yourself, which you most likely have anyway for things like blackholing
prefixes you otherwise also don't want to talk to....

And don't forget to source-filter those prefixes too :)

Greets,
 Jeroen
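
An added example, not part of the original message: one way to turn a delegated file into filter entries, as suggested above. The sample records, the covering block 10.1.0.0/16 and the prefix-list name are constructed assumptions; the rendered entries use Cisco IOS-style `le 32` so that more-specifics such as 10.1.2.0/24 are matched as well.

```python
import ipaddress

# Constructed sample in the RIR "delegated" statistics format
# (registry|cc|type|start|count|date|status); not real registry data.
SAMPLE = """\
2|example|20091028|4|19830101|20091027|+0000
example|*|ipv4|*|3|summary
example|ZZ|ipv4|10.1.0.0|512|20090101|allocated
example|ZZ|ipv4|10.1.5.0|768|20090101|assigned
example|ZZ|ipv4|10.1.8.0|61440|20090101|allocated
example|ZZ|ipv6|2001:db8::|32|20090101|allocated
"""

def delegated_ranges(text):
    """Yield (first, last) integer ranges for allocated/assigned IPv4 records."""
    for line in text.splitlines():
        f = line.strip().split("|")
        if len(f) < 7 or f[2] != "ipv4" or f[6] not in ("allocated", "assigned"):
            continue  # version line, summary lines, comments, other types
        first = int(ipaddress.IPv4Address(f[3]))
        yield first, first + int(f[4]) - 1  # count need not be a power of two

def unallocated(cover, text):
    """Return the CIDR blocks inside `cover` that no delegation record covers."""
    cover = ipaddress.ip_network(cover)
    cursor, end = int(cover.network_address), int(cover.broadcast_address)
    gaps = []
    for first, last in sorted(delegated_ranges(text)):
        if last < cursor or first > end:
            continue  # record lies outside the part of `cover` still unscanned
        if first > cursor:  # hole between the previous record and this one
            gaps += ipaddress.summarize_address_range(
                ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(first - 1))
        cursor = max(cursor, last + 1)
    if cursor <= end:  # trailing hole up to the end of `cover`
        gaps += ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(end))
    return gaps

def is_filtered(announced, gaps):
    """True if an announced prefix equals or is more specific than a gap."""
    net = ipaddress.ip_network(announced)
    return any(net.subnet_of(g) for g in gaps)

def prefix_list(gaps, name="UNALLOCATED"):  # list name is hypothetical
    """Render deny entries; 'le 32' also matches every more-specific."""
    return [f"ip prefix-list {name} seq {5 * (i + 1)} deny {g} le 32"
            for i, g in enumerate(gaps)]
```

The same list of gaps can drive source-address filters as well as route filters.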
