North American Network Operators Group


RE: 69/8...this sucks

  • From: jlewis
  • Date: Mon Mar 10 22:21:18 2003

On Mon, 10 Mar 2003, Frank Scalzo wrote:

> We don't need the administrative headache of ICANN/ARIN/RIRs on this.
> Someone could just do it with a private ASN and advertise the route with
> an arbitrarily null routed next-hop.

That's a non-solution that will never happen.  How many networks are going 
to trust joe somebody to inject null routes into their backbone?  Will 
UUNet/Sprint/C&W/Level3/etc. trust me or Rob to tell them what's a bogon 
and what's not?  I really doubt it.  They might have an easier time 
trusting their local RIR, but I wouldn't be surprised if they didn't.

I realize this sort of thing worked early on with the RBL, but that was 
for a different purpose.  For those who took the RBL via BGP, I suspect 
the benefit of blocking spammers from their networks outweighed the risk 
of RBL abuse and people trusted Vixie to be objective and honest. 

> That doesn't solve the problem of bad filters on firewalls.

Several people pointed that out earlier.  Botched / outdated firewall 
configs may be a bigger problem than BGP filters.  For a glimpse at why, 
see
http://groups.google.com/groups?q=69.0.0.0%2F8&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search

> The problem is lots of books/webpages/templates/etc. say filter bogons.
> People not smart enough to understand the responsibilities of doing so
> implement it and forget it. Instead of trying to beat up on the large

Worse is that there are pages and pages full of links to usenet posts with
these outdated bogon filters.  Books and web pages can be updated.  The
usenet archive isn't going away and won't be revised.  People who don't
know any better are going to continue to misconfigure bogon filters
indefinitely unless something is done to periodically whack some sense
into them.

> Funny the media gets all excited about BGP security and DDoS attacks
> against a root nameserver yet no one ever seems to mention the real
> scalability issues like that we can't allocate large parts of the net
> because many network operators aren't bright enough to update filters.

I know some writers watch nanog for potential stories.  Wake up guys, this 
should be one...if not for the news value "ARIN gives out unusable IPs, 
future of the Net in question", then at least for the public service value 
of getting the word out that bogon filters need to be maintained and kept 
up to date or they do more harm than good.

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
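
The stale-filter problem discussed in this message can be checked for mechanically. The following is an added example, not part of the original post: it scans a Cisco-style ACL for deny entries that overlap address space that has since been allocated. The sample ACL is constructed, and the allocated list holds only the 69.0.0.0/8 block this thread is about; the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: space allocated since the filter was written. Only 69.0.0.0/8
# (the block this thread is about) is listed; extend it from the current
# IANA IPv4 registry in real use.
NOW_ALLOCATED = [ipaddress.ip_network("69.0.0.0/8")]

# Constructed sample: a bogon ACL copied from an old template.
SAMPLE_ACL = """\
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 69.0.0.0 0.255.255.255 any
access-list 110 deny ip 68.0.0.0 3.255.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip any any
"""

DENY_RE = re.compile(
    r"^access-list\s+\d+\s+deny\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s"
)

def wildcard_to_network(addr, wildcard):
    """Convert an address plus a contiguous Cisco wildcard mask to a network."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverted)
    # strict=False tolerates host bits set in the ACL's address field.
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def stale_entries(acl_text, allocated=NOW_ALLOCATED):
    """Return (line_no, denied_net, allocated_net) for every deny entry
    that overlaps allocated space, including aggregates that cover it."""
    hits = []
    for line_no, line in enumerate(acl_text.splitlines(), 1):
        match = DENY_RE.match(line.strip())
        if not match:
            continue
        denied = wildcard_to_network(*match.groups())
        for alloc in allocated:
            if denied.overlaps(alloc):
                hits.append((line_no, denied, alloc))
    return hits

if __name__ == "__main__":
    for line_no, denied, alloc in stale_entries(SAMPLE_ACL):
        print(f"line {line_no}: deny {denied} blocks allocated {alloc}")
```

The aggregate on line 3 of the sample is flagged as well as the exact match, since a filter that never names 69/8 can still cover it.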