North American Network Operators Group

Re: Where are static bogon filters appropriate? was: Bogons

  • From: Adrian Chadd
  • Date: Thu Mar 01 23:21:13 2007

On Thu, Mar 01, 2007, Roland Dobbins wrote:
> On Mar 1, 2007, at 1:10 PM, Chris L. Morrow wrote:
> >So... again, are bogon filters 'in the core' useful? (call 'core' some
> >network not yours)
> Antispoofing is 'static' and therefore brittle in nature, people  
> change jobs, etc. - so, we shouldn't do antispoofing, either?
> Enterprises typically don't do this stuff.  They should, and we work  
> to educate them, but it's even more difficult in that space than in  
> the SP space.
> A question I have is whether or not this class of problems is more of  
> a 'need the vendors to come up with better/easier functionality' type  
> of problem, a 'need the SPs to do a better job with this' kind of  
> problem, or is it more in the realm of a 'TCP/IP in its current
> incarnation(s) lends itself to these kinds of issues' type of problem?

As stuff like Ironport shows - you'll probably have better market penetration
by making a little knob labelled "filter unknown and unallocated IP prefixes
(default on)" on a nice shiny firewall appliance/blade and charging the
enterprise $150pm to keep this up to date.

(Then another for "filter hosts actively involved in hacking attempts" for
another $300 pm.)

(And, finally, "check active IP(s) that I'm transiting against the various
list(s) of botnet and CERT related activities, send SNMP trap when
matches are found" for even more.)