North American Network Operators Group

Re: Is it time to abandon bogon prefix filters?

  • From: Robert E. Seastrom
  • Date: Thu Aug 07 15:30:26 2008

"Patrick W. Gilmore" <[email protected]> writes:

> How much does it help to filter the bogons? In one study conducted by
> Rob Thomas of a frequently attacked site, fully 60% of the naughty
> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)

Stated another way, you can get 60% success on bogon filtering by
ignoring the free pool (which is getting smaller over time which
indicates the value in filtering it is asymptotic to zero) and only
filtering obvious crud, whose definition is not going to change over time.

In other words, Leo is right, and I'd submit that we're past the point
where putting in non-auto-updated filters for the free pool has a
value that exceeds the operational cost of dealing with their
lossage...  by a couple of years.

-r
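
An added example, not part of the original message: it contrasts a fixed special-purpose source filter with a free-pool filter that was never updated. The `5.0.0.0/8` entry and all sample source addresses other than the two quoted in the thread are constructed for illustration.

```python
import ipaddress

# Special-purpose IPv4 ranges: never valid as Internet source addresses,
# and their status does not depend on how much of the free pool is left.
STATIC_BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumption: constructed stand-in for a prefix that was in the free pool
# when the filter was written and has been allocated since.
STALE_FREE_POOL = [ipaddress.ip_network("5.0.0.0/8")]


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def evaluate(sources):
    """Sort source addresses by which filter (if any) would drop them."""
    result = {"static_drop": [], "stale_drop": [], "pass": []}
    for text in sources:
        addr = ipaddress.ip_address(text)
        if in_any(addr, STATIC_BOGONS):
            result["static_drop"].append(text)   # obvious crud
        elif in_any(addr, STALE_FREE_POOL):
            result["stale_drop"].append(text)    # now-legitimate traffic lost
        else:
            result["pass"].append(text)
    return result


# Constructed sample; 127.1.2.3 and 0.5.4.3 are the examples from the thread.
SAMPLE_SOURCES = [
    "127.1.2.3", "0.5.4.3", "10.9.8.7", "192.168.1.50", "240.1.1.1",
    "5.6.7.8", "5.200.0.1", "8.8.8.8",
]

if __name__ == "__main__":
    for bucket, addrs in evaluate(SAMPLE_SOURCES).items():
        print(f"{bucket:12} {len(addrs)}  {addrs}")
```

Everything in `stale_drop` is traffic the fixed list would have passed; it is dropped only because the free-pool snapshot was not refreshed.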