North American Network Operators Group


Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

  • From: Chris A. Epler
  • Date: Thu Jan 20 13:22:06 2005

Jared Mauch wrote:

| I'm not saying this to trash Cisco, many people there know that,
| but the important thing is ensuring that the global internet isn't
| further harmed, and as more allocations are done the harm becomes
| greater and it hurts every single person in this industry, providers
| and vendors alike.

k, bit my tongue as much as I could...  But I gotta vent ;-P

So, Cisco provides this 'AutoSecure' function and everyone jumps all
over the static bogon list.  Why?  Hello?  The basic idea here is that
it gets you decent out of the box setup defaults which you tailor after
running it, right?  (NOTE: I haven't actually hit the AUTOSECURE button
yet, just read a little about it)

What's so bad about decent secure defaults?  I just see it as a shortcut
to getting a router online, not a solution to security.  If you're
implementing a new router and setting up Bogon filters you should
already know that they'll need to be updated regularly and should
replace the access list with a refreshed one using the autosecure
configuration as a TEMPLATE that you work off of.  If you don't know
this, then you shouldn't be in charge of said router.  Am I missing
something here???

- --
~     /"\
~     \ /     ASCII RIBBON CAMPAIGN
~      X        AGAINST HTML MAIL
~     / \
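
An added example, not part of the message above and not AutoSecure's actual output: one way to audit a static bogon access list against space that has since been allocated, using the 72.14.128.0/19 prefix from the thread subject. The ACL text, the ACL number and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a static bogon ACL in Cisco extended-ACL syntax.
# These lines are illustrative, not the list AutoSecure generates.
SAMPLE_ACL = """\
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 72.0.0.0 0.255.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip host 192.0.2.1 any
access-list 100 permit ip any any
"""
ALLOCATED = ["72.14.128.0/19"]  # prefix named in the thread subject
DENY_RE = re.compile(r"^access-list\s+\d+\s+deny\s+ip\s+(\S+)\s+(\S+)")

def wildcard_to_network(addr, wildcard):
    """Turn address + wildcard mask into an IPv4Network, or None if the
    wildcard bits are not contiguous (those entries need manual review)."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):          # contiguous masks look like 0...01...1
        return None
    base = int(ipaddress.IPv4Address(addr)) & ~inv & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - inv.bit_length()))

def stale_entries(acl_text, allocated):
    """Return (line_no, acl_line, prefix) for every deny entry whose
    source range overlaps a prefix that is known to be allocated."""
    allocs = [ipaddress.ip_network(p) for p in allocated]
    hits = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        m = DENY_RE.match(line.strip())
        if not m:
            continue             # permits, remarks, blank lines
        a, b = m.group(1), m.group(2)
        if a == "any":
            continue             # "deny ip any ..." is not a bogon entry
        if a == "host":
            net = ipaddress.IPv4Network(b + "/32")
        else:
            net = wildcard_to_network(a, b)
        if net is None:
            continue
        hits.extend((n, line.strip(), str(al)) for al in allocs if net.overlaps(al))
    return hits

if __name__ == "__main__":
    for line_no, entry, prefix in stale_entries(SAMPLE_ACL, ALLOCATED):
        print(f"line {line_no}: '{entry}' blocks allocated prefix {prefix}")
```

Feeding `ALLOCATED` from a current allocation list and running the check whenever that list changes flags the entries that have to come out of the template.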