North American Network Operators Group


Re: Is it time to abandon bogon prefix filters?

  • From: Justin Shore
  • Date: Wed Aug 06 12:02:38 2008

Leo Bicknell wrote:
> Have bogon filters outlived their use?  Is it time to recommend people
> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
> doesn't need to be updated as frequently?

In my opinion no; BOGON filters are still very useful. Back when only 5% of the IP space was allocated we didn't have the same kinds of serious threats to our networks and our users that we have today. We didn't have spammers hijacking unallocated space (can it be considered hijacking when the block hasn't been allocated yet?) to mass mail our users, host phishing servers, run C&C servers for botnets, etc. Today we do and the use of what few networks are still unallocated for bad purposes is prevalent.


For my users I only recommend that they use dynamic methods of keeping up to date with changes in the BOGON list. While I still do much of my BOGON work manually, as I'm sure many of us do, I have my local BOGON lists updated within a few hours of learning of a new allocation (sometimes even before the bogon-announce email arrives). For those that aren't uber network geeks I recommend using something automated.

Look at it this way: you have what's essentially a mostly static list of netblocks from which all traffic is unquestionably malicious. Wouldn't you block it if you could for the sake of your network security and that of your users?

Justin
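
An added example, not part of the original message: one way to automate the update step discussed above, by flagging filter entries that overlap a new allocation and carving the allocation out of the list. The prefix lists are constructed (documentation ranges stand in for unallocated blocks) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data. STATIC holds the ranges the thread names
# (RFC 1918, Class D, Class E). UNALLOCATED uses documentation prefixes as
# stand-ins for unallocated blocks; it says nothing about real allocations.
STATIC = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
          "224.0.0.0/4", "240.0.0.0/4"]
UNALLOCATED = ["192.0.2.0/24", "198.51.100.0/24"]


def parse(prefixes):
    """Turn prefix strings into network objects (rejects host bits set)."""
    return [ipaddress.ip_network(p) for p in prefixes]


def stale_entries(bogons, allocations):
    """Filter entries that overlap allocated space and would drop real traffic."""
    return [b for b in bogons if any(b.overlaps(a) for a in allocations)]


def apply_allocation(bogons, allocated):
    """Return the bogon list with a newly allocated prefix carved out."""
    updated = []
    for b in bogons:
        if not b.overlaps(allocated):
            updated.append(b)          # unrelated entry, keep as-is
        elif b.subnet_of(allocated):
            continue                   # entry is fully allocated now, drop it
        else:
            # Allocation is a strict subnet of the entry: keep the remainder.
            updated.extend(b.address_exclude(allocated))
    return sorted(updated)


if __name__ == "__main__":
    bogons = parse(STATIC + UNALLOCATED)
    new_alloc = parse(["198.51.100.128/25"])[0]   # constructed allocation
    print("stale:", [str(n) for n in stale_entries(bogons, [new_alloc])])
    print("updated:", [str(n) for n in apply_allocation(bogons, new_alloc)])
```
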