North American Network Operators Group


RE: What were we saying about edge filtering?

  • From: Terry Baranski
  • Date: Sat Sep 06 17:56:47 2003

> > Sean Donelan wrote:
> >
> > It gets even worse.  Cisco has hard-coded the list of
> > Bogons into some of its latest low-end IOS versions as 
> > part of its "auto-secure" feature. Yes, Cisco includes 
> > warnings in the manual the user should check the official 
> > list at IANA; but I also know the power of defaults.  
> > People upgrade their IOS versions even less often than
> > they update their Windows boxes.  So we're going to see 
> > chunks of the net blocked depending on the release date 
> > of versions of IOS.
>
> Adam Debus wrote:
>
> Do you have a reference page as to what
> platforms/releases/release trains that is being applied to?
> 
> Seems like it might be a handy list to have bookmarked. :)

Per
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_feature_guide09186a008017d101.html,
it was introduced in 12.3 mainline.  It's
anyone's guess where it will end up from there but note that it's
already in a service provider train (12.2(18)S).  So we may (or probably
will?) end up with ISPs using the bogon-list feature as well.

If one upgrades from version A of Autosecure-enabled IOS to version B of
Autosecure-enabled IOS, will the bogon-list ACLs in the device's
configuration be automatically updated?  Or will the user have to
disable and then re-enable Autosecure?  

Is this progress?  Or is this something that "seemed like a good idea at
the time"?

-Terry
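
The stale-list concern raised in this thread can be audited on a saved configuration. The following is an added example, not part of the original message and not Cisco's code: it flags bogon-style deny entries that overlap prefixes allocated since the list was frozen. The ACL lines, the allocated list, and all function names are constructed for illustration and say nothing about real registry status.

```python
import ipaddress
import re

# Constructed sample: bogon-style deny entries as they might sit in a saved
# router configuration (generic IOS extended-ACL syntax, not AutoSecure output).
SAMPLE_ACL = """\
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 1.0.0.0 0.255.255.255 any
access-list 100 deny ip 2.0.0.0 0.255.255.255 any
access-list 100 deny ip 192.0.2.0 0.0.0.255 any
access-list 100 deny ip 5.0.0.0 0.255.0.255 any
access-list 100 permit ip any any
"""

# Constructed stand-in for "space allocated since the list was frozen";
# in practice this would be built from the current IANA IPv4 registry.
SAMPLE_ALLOCATED = ["1.0.0.0/8", "2.16.0.0/13"]

DENY_RE = re.compile(r"^access-list\s+\S+\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any\s*$")

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to CIDR; ValueError if non-contiguous."""
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    plen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def audit_bogon_acl(acl_text, allocated):
    """Return (stale, unparsed): stale maps each deny network to the allocated
    prefixes it would block; unparsed lists deny lines needing manual review."""
    alloc = [ipaddress.ip_network(p) for p in allocated]
    stale, unparsed = {}, []
    for line in acl_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # permit lines and anything that is not a simple deny
        try:
            net = wildcard_to_network(*m.groups())
        except ValueError:
            unparsed.append(line.strip())
            continue
        hits = [str(a) for a in alloc if net.overlaps(a)]
        if hits:
            stale[str(net)] = hits
    return stale, unparsed

if __name__ == "__main__":
    print(audit_bogon_acl(SAMPLE_ACL, SAMPLE_ALLOCATED))
```

Run against each device's saved configuration after an IOS upgrade, this shows whether the deny entries carried over from the older release still cover space that is now in use.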