North American Network Operators Group


Re: Is it time to abandon bogon prefix filters?

  • From: Patrick W. Gilmore
  • Date: Wed Aug 06 10:55:52 2008

On Aug 6, 2008, at 10:28 AM, Rob Thomas wrote:

This makes sense especially for static filters. Automated feeds, such as the bogon route-server or DNS zones, leave folks with options.

Honestly, I don't believe the 80/20 rule applies here.


Until all transit networks are willing to strictly filter their downstreams (and themselves!), if there is any unused space (note I said "unused", not "unallocated"), the miscreants will use it. They are not going around saying "oh, damn, there are only a few /8s left, we better stop!".

Filter your bogons. But do it in an automated fashion, from a trusted source.

Of course, I recommend Team Cymru, which has a most sterling record. Nearly perfect (other than the fact they still recommend MD5 on BGP sessions :).

--
TTFN,
patrick
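
An added example, not part of the original message and not code from Team Cymru or any feed provider: a sketch of the "automated, not static" advice above, where a bogon snapshot is validated before use and discarded once it is too old, so a forgotten filter cannot keep dropping space that has since been allocated. The feed format (one CIDR per line), the age limit, the size floor and all function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=2)  # assumed policy: oldest snapshot we will still apply
MIN_PREFIXES = 3             # assumed sanity floor: a near-empty feed is suspect

# Constructed sample snapshot (not real feed data): one CIDR per line, '#' comments.
SAMPLE_FEED = """\
# constructed bogon snapshot
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
"""

def parse_feed(text):
    """Parse a snapshot into collapsed networks; raise ValueError on bad input."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
            nets.append(ipaddress.ip_network(line, strict=True))
    if len(nets) < MIN_PREFIXES:
        raise ValueError("feed too small, refusing to install")
    return list(ipaddress.collapse_addresses(nets))

def build_filter(text, fetched_at, now):
    """Return the prefixes to filter, or [] when the snapshot is stale.

    Assumed policy: a stale list is dropped entirely rather than kept,
    because an outdated bogon list blocks newly allocated address space.
    """
    if now - fetched_at > MAX_AGE:
        return []
    return parse_feed(text)

def is_bogon(addr, bogons):
    """True if addr falls inside any prefix of the installed filter."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in bogons)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    active = build_filter(SAMPLE_FEED, now - timedelta(hours=1), now)
    for src in ("10.1.2.3", "8.8.8.8"):
        print(src, "bogon" if is_bogon(src, active) else "ok")
```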