North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Where are static bogon filters appropriate? was: Bogons

  • From: Gregory Edigarov
  • Date: Thu Mar 01 09:56:32 2007

Jon Lewis wrote:

On Thu, 1 Mar 2007, Chris L. Morrow wrote:

So, where are static bogon filters appropriate? (loaded question perhaps)
I ask because just about every 'security expert' and 'security whitepaper'
or 'security suggestions' has some portion that speaks to "why it's a
grand idea to have acl-lines/firewall-policy tp block 'bogon' ip space"
(for some definition of 'bogon' of course).

I suppose they're appropriate when done by network security consultants, as it guarantees future / repeat business. :)

I'll second this opinion, As most of DDoS attacks are from zombies, which are in registered networks.
Especially I did never see any traffic from so called bogons. Perhaps, bogon acls are helpful when they are configured on backbone, but not everywhere.

just my 1E-10  cents :-)
With best regards,
   Gregory Edigarov