North American Network Operators Group


Re: Bogon filtering

  • From: Patrick W Gilmore
  • Date: Fri Dec 03 15:06:20 2004

On Dec 3, 2004, at 1:36 PM, Rob Thomas wrote:

> ] In a sense, Rob is a hacker who has installed his
> ] rootkit into the IANA/RIR system. He was only able
> ] to do so because the IANA and RIRs were not paying
> ] enough attention to their interfaces, thus creating
> ] a grey area which Cymru is filling.
>
> Wow!  I've at last achieved mad leet status.  Thanks.  :)

You were that WAAAAAY long ago!

And with all due respect to Michael (hi, Michael, long time no type :), you are neither a hacker nor a threat.

First: The Internet runs on trust. We Trust Team Cymru.

Secondly (especially for those who are .. uh .. uninitiated enough to trust Team Cymru), it is much easier to protect our trust in the bogon filter than, say, large peers. Everyone talks about registering routes, but how many people actually do it? Not enough. So, people peer at their borders and allow 10s or even 100s of outside ASes to "control" their routing.

With the bogon filters, one can take today's snapshot, create a filter list and apply. As bogons go away (CIDRs get allocated), the BGP feed will still work. But if Cymru "messes up" and slips a full feed into the bogon feed, nothing bad will happen. (In fact, you might want to put a sample Cisco & Juniper ACL from today's feed on the web site - just a suggestion, I'm sure most people here can do it themselves.)

Also, I _LIKE_ getting the information through BGP. The Border Gateway Protocol was specifically designed to allow separate (autonomous) entities to pass routing data. That is _exactly_ what we are doing with the bogon feed.

Just my $0.00002. (And I won't even ask not to be banned. :)
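
The snapshot-bounded filter described in the message above, sketched as an added example that is not part of the original post or Team Cymru's tooling: routes from the bogon feed are accepted only if they fall inside a static snapshot, so a leaked full table is dropped while withdrawals for newly allocated space still take effect. The snapshot and feed contents are constructed (reserved and documentation ranges stand in for a real bogon list), and the prefix-list name `BOGON-SNAPSHOT` is hypothetical.

```python
import ipaddress

# Constructed snapshot: reserved/documentation ranges standing in for
# "today's" bogon list; not the actual contents of any real feed.
SNAPSHOT = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

# Constructed later feed: some bogons withdrawn (allocated), one
# more-specific announced, plus two routes leaked from a full table.
FEED = ["10.0.0.0/8", "192.0.2.0/24", "10.1.0.0/16", "0.0.0.0/0", "8.0.0.0/8"]

def parse(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def filter_feed(snapshot, feed):
    """Split feed routes into (accepted, rejected).

    A route is accepted only if it equals, or is more specific than, a
    snapshot prefix, so the feed can never blackhole more address space
    than the snapshot covered on the day it was taken.
    """
    allowed = parse(snapshot)
    accepted, rejected = [], []
    for route in parse(feed):
        inside = any(route.version == a.version and route.subnet_of(a)
                     for a in allowed)
        (accepted if inside else rejected).append(str(route))
    return accepted, rejected

def cisco_prefix_list(snapshot, name="BOGON-SNAPSHOT"):
    """Render the snapshot as Cisco IOS prefix-list lines for the inbound
    policy on the bogon session; 'le 32' also admits more-specifics, and
    the implicit deny at the end rejects everything else."""
    return [f"ip prefix-list {name} seq {5 * i} permit {net} le 32"
            for i, net in enumerate(parse(snapshot), 1)]

if __name__ == "__main__":
    accepted, rejected = filter_feed(SNAPSHOT, FEED)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print("\n".join(cisco_prefix_list(SNAPSHOT)))
```
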