North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

  • From: Roland Dobbins
  • Date: Thu Mar 01 17:47:43 2007
  • Authentication-results: ind-dkim-2; [email protected]; dkim=pass ( sig from cisco.com/inddkim2002 verified; );
  • Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1038; t=1172788846; x=1173652846; c=relaxed/simple; s=inddkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; [email protected]; z=From:=20Roland=20Dobbins=20<[email protected]> |Subject:=20Re=3A=20Where=20are=20static=20bogon=20filters=20appropriate? =20was=3A=2096.2.0.0/16=20Bogons |Sender:=20; bh=lbPlKXPl+48o1tPUWg6KLzZ6jXgN8WVsC19zgOhyvgs=; b=wEskPuH2sF24pxN/essfe8cqwcA8rnU82JVnj/RvH1OTbTU8uri5f4/ZXiBgFoqmtR9ZFMNS AcKlS5/pOE7RV2bMSMmtcxqLj9OPXtX3fazCJ7pOzp1cA++qmEv7DWpo;


On Mar 1, 2007, at 1:10 PM, Chris L. Morrow wrote:

So... again, are bogon filters 'in the core' useful? (call 'core' some
network not yours)

Antispoofing is 'static' and therefore brittle in nature, people change jobs, etc. - so, we shouldn't do antispoofing, either?

Enterprises typically don't do this stuff. They should, and we work to educate them, but it's even more difficult in that space than in the SP space.

A question I have is whether or not this class of problems is more of a 'need the vendors to come up with better/easier functionality' type of problem, a 'need the SPs to do a better job with this' kind of problem, or is it more in the realm of a 'TCP/IP in its current incarnation(s) lends itself these kinds of issues' type of problem?

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice

The telephone demands complete participation.

-- Marshall McLuhan