|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
On Thu, 01 Mar 2007 14:22:37 +0000 (GMT) "Chris L. Morrow" <[email protected]> wrote: > > On Thu, 1 Mar 2007, Jon Lewis wrote: > > > On Wed, 28 Feb 2007, Eric Ortega wrote: > > > > > I'd like to thank the group for the responses and help with this > > > issue. I find it ironic that Randy's study actually uses 96 space. > > > > The amazing/sad thing is that people have been facing and fixing > > the same problem for more than 4 years. How many times does a > > network have to fix their static bogon filters before coming to the > > realization that those filters are a bad idea? > > So, where are static bogon filters appropriate? (loaded question > perhaps) I ask because just about every 'security expert' and > 'security whitepaper' or 'security suggestions' has some portion that > speaks to "why it's a grand idea to have acl-lines/firewall-policy tp > block 'bogon' ip space" (for some definition of 'bogon' of course). > Well, not all of us advocate that; see http://www.merit.edu/mailinglist/mailarchives/old_archive/2006-01/msg00150.html --Steve Bellovin, http://www.cs.columbia.edu/~smb
|