North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
- From: Peter Dambier
- Date: Sat Mar 03 22:27:26 2007
http://www.completewhois.com/hijacked/files/203.27.251.0.txt
http://www.completewhois.com/hijacked/index.htm
This can proof the opposite.
Malware comes from redirected allocated blocks, not from bogons.
Kind regards
Peter and Karin
Sean Donelan wrote:
On Fri, 2 Mar 2007, Daniel Senie wrote:
How do you know, if you're the one being attacked and you have no idea
if the originating network or their immediate upstream implemented
BCP38? Shall we just discard ingress filtering? If few attacks are
using it today, should we declare it no longer relevant? At the same
time we should ask if we should be x-raying shoes at the airport,
since there's only been one guy who tried to blow up his shoes. The
larger security question is, "do you stop looking for old threats
simply because they're not the most common threats?" How many CodeRed
packets flow over the Internet on a typical day? I assure you it's not
zero.
Show me the data.
How many CodeRed packets originate from unallocated addresses?
Is the proposal actually effective at detecting or protecting against
the threat? Or is it just a wasted effort for show?
http://www.tsa.gov/press/happenings/kip_hawley_x-ray_remarks.shtm
Instead of dropping packets with unallocated sources addresses, perhaps
backbones should shutdown interfaces they receive packets from
unallocated address space. Would this be more effective at both
stopping the sources of unallocated addresses; as well as sources that
spoof other addresses because the best way to prevent your interface
from being shutdown by backbone operators is to be certain you only
transmit packets with your source addresses.
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
|