North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
- From: Jason Frisvold
- Date: Sun Mar 04 15:52:29 2007
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=J7oqC5xqnHk5MQoBbc74IEI4AuQz+hFOifRtBaggDrsjqdv3oQp0zpqIYlcREMlKvMc2zpePwqA47ryjuJi9QaTQIheb5yzDsjvF22YQ0yVwt6GodULlvr05+LhQzuRBrR5MLSHijzea+T0/FvPh8+8RFwIjTxU3qMZar/BJqJw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=SlZq2IIXl8oolf9qkZnJHGCjZ7ODENZlfRnejvu8Rs5+OqxIj/CNHgJTpfVoJi1lxKjZ+yjuygoTNxb84ndyeHaYLPZ5XHfXO4Db3dFAE28SExTbd0XoVDlJT4aEFFVOGLA/aD8yUphkaKmc7RnIukcxZF/szFA4oZAbaCM39uA=
On 3/2/07, Roland Dobbins <[email protected]> wrote:
No one has done the digging required to answer any of these
questions, unfortunately.
Can you get a valid answer to this based on the existence of BCP38?
What I mean is, if your upstream is filtering bogons, you can't get a
good read on the amount of "bad" traffic sourcing from "illegal"
addresses. However, I'm sure it's there. If we stop filtering
so-called "bad" addresses, I'm sure that the attacks from those
addresses will increase when it's realized that the filters are gone.
I agree with others in that you can't stop looking for old attacks
just because they don't happen much anymore. But we can improve the
ways we look. uRPF is definitely a dynamic option, but as I
understood it, there were issues with using it on multi-homed networks
with asynchronous routing. Granted, it has been some time since I've
looked at uRPF.
I think something like the Cymru bogon route server is great, but I'm
not a very trusting person when it comes to something like that. I
don't like giving up that level of control. Of course, at some point,
I suppose have to trust something...
I definitely believe in filtering both bogons and RFC 1918 space, it's
just a management issue that has to be dealt with.
-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice
--
Jason 'XenoPhage' Frisvold
[email protected]
http://blog.godshell.com
|