North American Network Operators Group


RE: 69/8...this sucks -- Centralizing filtering..

  • From: Iljitsch van Beijnum
  • Date: Tue Mar 11 07:26:48 2003

On Mon, 10 Mar 2003, Todd A. Blank wrote:

> I continue to agree that moving critical resources (see below) to these
> new blocks is the best approach I have seen or heard in the months since
> I made the original post.  This approach punishes the clueless instead
> of the people that already know what the problem is (and have to live
> with it every day).

I think this illustrates very well that the concept of filtering on
statically configured IP address ranges is severely broken and needs to
be replaced with something better.

Fortunately, in this particular case there is a solution on the horizon:
S-BGP or soBGP. These BGP extensions authenticate all prefix
announcements, so there is no longer any need to perform bogon filtering
on routing information. uRPF can then be used to filter packets based on
the contents of the routing table.

In the meantime, I think we need a good best practices document. Way
too many people simply don't know about these kinds of issues, or worse,
know only half, and having a single, authoritative set of guidelines would
be extremely helpful, even if it doesn't magically make the problem
disappear.

> I have seen this suggestion once before (maybe even by Jon) and I still
> think it is the best way things will get resolved quickly.

> Maybe we should suggest that ARIN also host some of their stuff on this
> block :-)

Or maybe list the offending IP addresses/ranges in the anti-spam lists?
This should get people's attention without breaking too much important
stuff (who needs email anyway).
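
An added example, not part of the original message: it contrasts a static bogon list that was never updated after 69/8 came into use with a uRPF check driven by the routing table, as the message proposes. The prefixes, interface names and function names are constructed for illustration, and the routing table is assumed to be trustworthy (the property S-BGP/soBGP is meant to provide).

```python
import ipaddress

# Constructed static bogon list, written while 69.0.0.0/8 was still unallocated
# and never updated afterwards.
STATIC_BOGONS = [ipaddress.ip_network(p)
                 for p in ("10.0.0.0/8", "69.0.0.0/8", "192.168.0.0/16")]

# Constructed default-free routing table: prefix -> interface of the best route.
# Assumed trustworthy (the property S-BGP/soBGP is meant to provide).
ROUTES = {
    ipaddress.ip_network("69.1.0.0/16"): "eth0",
    ipaddress.ip_network("69.1.2.0/24"): "eth1",
    ipaddress.ip_network("198.51.100.0/24"): "eth1",
}

def static_filter_permits(src):
    """Static ACL: permit unless the source falls in a listed range."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in STATIC_BOGONS)

def best_route(src):
    """Longest-prefix match; returns (prefix, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [net for net in ROUTES if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, ROUTES[best]

def urpf_permits(src, in_iface, strict=False):
    """Loose: any route to the source. Strict: route must point out in_iface."""
    route = best_route(src)
    if route is None:
        return False
    return route[1] == in_iface if strict else True

def stale_bogon_entries():
    """Static entries that overlap a prefix present in the routing table."""
    return [str(b) for b in STATIC_BOGONS
            if any(b.overlaps(net) for net in ROUTES)]

if __name__ == "__main__":
    for src, iface in [("69.1.2.3", "eth1"), ("69.1.9.9", "eth1"), ("10.1.1.1", "eth0")]:
        print(src, iface, static_filter_permits(src),
              urpf_permits(src, iface), urpf_permits(src, iface, strict=True))
    print("stale:", stale_bogon_entries())
```

Without a default route, loose mode drops sources that have no route at all, while strict mode also drops traffic arriving on an interface other than the one the best route uses, which matters on asymmetric paths.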