|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPv6 PI block is announced - update your filters 2620:0000::/23
On Fri, 15 Sep 2006, Randy Bush wrote: IANA-based data bogon filters are in fact mostly useful to filter attackCall me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.the theory is that it means you have no route to send responses back to an attacker who uses tcp, i.e. a spammer. issues using udp-based and similar protocols that don't require session establishment. the practice is that spammers use holes or super-blocks of allocated, i.e. not bogon, space. they are not stupid.It is still bogon space and completewhois bogon list catches most of those. Those that don't get caught are the ones where allocation exists but ip space is not being used (i.e. not advertised in bgp) and then doing super-block works for the spammer (there are ways to filter that as well actually but you ran risk of filtering those doing aggregation). And do remember that original question was about IPv6 allocation. Personally I don't know any spammers using ipv6 bogon space [yet]... so your point is well taken. randy
|