North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: BL of Compromised Hosts?

  • From: Michel Py
  • Date: Mon Feb 23 21:40:05 2004

>> Michel Py wrote:
>> There is a regrouping of BGP feeds for various "questionable"
>> hosts and networks around AS29467; 

> william(at) wrote:
> That is actually not correct. The AS29467 will stay as being
> used for BOGON and similar data. It is quite likely that other
> ASNs would be used for other "questionable" hosts, possibly
> one for various anti-spam lists and other for yet more
> "questionable" hosts such as DoS sources, etc.

My mistake, thanks for correcting me.

> The draft is not about data sources the draft about the
> changes that need to be done to the router software in
> handing BGP that would actually allow for use of outside
> BGP feed for filtering (or marking) routes


> The draft which was originally only for bogon filtering
> during private discussions between authors it was changed
> to be more general to be used for other situations,
> unfortunetly it does still suffer from being too BOGON
> specific and when draft was sent to IDR they immediately
> complained about that too.

Indeed; however after some face to face discussion and clarified by the
presentation they did understand our intentions that the purpose was the
mechanism and not the qualification of the bogon/bad sources.

> It has been suggested that draft be rewritten and even
> more be removed from it to be less bogon specific and
> to only describe this kind of filtering in the concept
> with non-specific examples if possible.

Still on the table, although I would like have some beta code to grind
prior to rewriting... The existing draft is not nearly as bad as the
initial versions in terms of being tied to bogon filtering, but I agree
that it would be better if it was more generic.