North American Network Operators Group


Re: Bogon filtering (don't ban me)

  • From: David Barak
  • Date: Fri Dec 03 10:11:46 2004

--- "J. Oquendo" <[email protected]> wrote:

> I thought about it over and over, and wonder why this hasn't been done.
> Any care to beat me with a clue stick or two. I can understand the
> arguments of not wanting a vendor to have control of some aspect of my
> business, or control over my network, but correct me if I am wrong,
> wouldn't this solve a heck of a lot of issues concerning network based
> attacks, spam, scumware/spyware/fooware/$*something?

Vendor C has something similar, in their "autosecure"
feature.  However, the trouble is that the list of
bogon networks is static, and in fact includes 70/8
among many others.  This is (I'm certain) contributing
to the reachability issues that those folks with new
netblocks experience.

A better implementation would be for vendors to
include a "bogon-subscribe server x.x.x.x" feature,
which would simply allow a router to talk to a
centralized bogon server.  

However, the complexity of setting up the real-time
BGP bogon feeds is not that hard - anyone who would
use the above command could do it - so I'm not sure
that this requires any new tools.

=====
David Barak
-fully RFC 1925 compliant-
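
The staleness problem described in this message, as an added example that is not part of the original post or any vendor's code: it audits a frozen bogon list against newer allocations and carves the allocated space back out, which is the effect a live feed has. Both prefix lists and all function names are constructed for illustration; only 70/8 comes from the post.

```python
import ipaddress

# Constructed sample: a bogon list frozen into a router template at install time.
# 70.0.0.0/8 is the entry the post names; the others are RFC 1918 / RFC 5737 space.
STATIC_BOGONS = ["10.0.0.0/8", "70.0.0.0/8", "172.16.0.0/12",
                 "192.0.2.0/24", "192.168.0.0/16"]

# Constructed sample: blocks handed out of formerly unallocated space after the
# list was frozen. A live feed would supply this; these values are made up.
NEWLY_ALLOCATED = ["70.16.0.0/12", "70.160.0.0/11"]


def stale_entries(bogons, allocated):
    """Map each bogon prefix to the allocated prefixes it overlaps."""
    alloc = [ipaddress.ip_network(a) for a in allocated]
    stale = {}
    for b in bogons:
        hits = [str(a) for a in alloc if ipaddress.ip_network(b).overlaps(a)]
        if hits:
            stale[b] = hits
    return stale


def refresh(bogons, allocated):
    """Return the bogon list (as strings) with allocated space carved out."""
    current = [ipaddress.ip_network(b) for b in bogons]
    for a in map(ipaddress.ip_network, allocated):
        remaining = []
        for b in current:
            if not b.overlaps(a):
                remaining.append(b)                     # entry is unaffected
            elif b.subnet_of(a):
                continue                                # entry is fully allocated now
            else:
                remaining.extend(b.address_exclude(a))  # keep unallocated remainder
        current = remaining
    return [str(n) for n in ipaddress.collapse_addresses(current)]


def is_filtered(src, bogons):
    """True if a packet sourced from src would be dropped by this bogon list."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(b) for b in bogons)
```

Running `stale_entries` periodically against a current allocation source flags entries like 70/8 before customers in new netblocks report reachability problems.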


		