North American Network Operators Group


Re: Is it time to abandon bogon prefix filters?

  • From: Patrick W. Gilmore
  • Date: Wed Aug 06 12:58:58 2008

On Aug 6, 2008, at 11:46 AM, Laurence F. Sheldon, Jr. wrote:

> Leo Bicknell wrote:
>
>> Have bogon filters outlived their use? Is it time to recommend people
>> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
>> doesn't need to be updated as frequently?
>
> Seems like filtering against those could be done on the backplane, so to speak.
>
> One of the things that has always puzzled me is this:
>
> In the default-free zone, why is it necessary to filter _against_ anybody? Seems like traffic for which there is no route would at most be dumped to an error-log someplace.
>
> For folks with a default route, I have long advocated (with no success whatever) filtering against stuff like the above, your own networks as sourced somewhere else, and such.

I'm confused. Why does it matter if you are DF or not?

If the packets are just coming in, there does not need to be a prefix in the table.

If duplex communication is required (e.g. spam runs), a prefix needs to be in the table whether you have a 0/0 or not.

We know spammers have done runs by announcing a block (which gets it into the DFZ if it is not filtered properly), send spam, pull prefix. So again, why does it matter if you have a default route or not?

> I also think a central blacklist a la spamhaus for networks makes sense.

See Team Cymru.


--
TTFN,
patrick
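As an added illustration (not code from the thread or from any of its participants) of the "simpler bogon filter" Leo proposes, the following checks a source address against the permanently reserved IPv4 blocks (RFC 1918, Class D, Class E and the other fixed reservations) and, as Laurence mentions, against your own prefixes arriving from outside. The prefix list, the `own_prefixes` parameter and the sample flows are assumptions constructed for the example.

```python
# Added example: a static bogon/anti-spoofing source check of the kind
# discussed in the thread. Prefix list and sample flows are constructed.
import ipaddress

# Permanently reserved IPv4 space. Unlike a list of not-yet-allocated
# blocks, this set does not need periodic updating.
STATIC_BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
    "224.0.0.0/4",      # Class D (multicast) is never a valid source
    "240.0.0.0/4",      # Class E (reserved), includes 255.255.255.255
)]


def classify_source(src, own_prefixes=()):
    """Return None if a source address is acceptable on an upstream-facing
    interface, otherwise a short reason for dropping it.
    own_prefixes: assumed list of this network's own prefixes (strings)."""
    addr = ipaddress.ip_address(src)
    for net in STATIC_BOGONS:
        if addr in net:
            return f"bogon {net}"
    for p in own_prefixes:
        if addr in ipaddress.ip_network(p):
            return f"own prefix {p} arriving from outside"
    return None


def filter_flows(flows, own_prefixes=()):
    """Apply classify_source to (src, dst) pairs; return (accepted, dropped)."""
    accepted, dropped = [], []
    for src, dst in flows:
        reason = classify_source(src, own_prefixes)
        (dropped if reason else accepted).append((src, dst, reason))
    return accepted, dropped


if __name__ == "__main__":
    # Constructed sample flows as seen at an upstream-facing border.
    sample = [("198.51.100.7", "203.0.113.10"),   # ordinary external source
              ("10.1.2.3", "203.0.113.10"),       # RFC 1918 source
              ("224.0.0.9", "203.0.113.10"),      # Class D source
              ("203.0.113.77", "203.0.113.10")]   # our own space from outside
    ok, bad = filter_flows(sample, ["203.0.113.0/24"])
    for src, dst, why in bad:
        print(f"drop {src} -> {dst}: {why}")
```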