Is it time to abandon bogon prefix filters?

Justin Shore justin at justinshore.com
Wed Aug 6 16:02:27 UTC 2008


Leo Bicknell wrote:
> Have bogon filters outlived their use?  Is it time to recommend people
> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
> doesn't need to be updated as frequently?

In my opinion no; BOGON filters are still very useful.  Back when only 
5% of the IP space was allocated we didn't have the same kinds of 
serious threats to our networks and our users that we have today.  We 
didn't have spammers hijacking unallocated space (can it be considered 
hijacking when the block hasn't been allocated yet?) to mass mail our 
users, host phishing servers, run C&C servers for botnets, etc.  Today 
we do, and the use of what few networks are still unallocated for bad 
purposes is prevalent.

For my users I only recommend that they use dynamic methods of keeping 
up to date with changes in the BOGON list.  While I still do much of my 
BOGON work manually, as I'm sure many of us do, I have my local BOGON 
lists updated within a few hours of learning of a new allocation 
(sometimes even before the bogon-announce email arrives).  For those 
that aren't uber network geeks I recommend using something automated.

Look at it this way:  you have what's essentially a mostly static list 
of netblocks from which all traffic is unquestionably malicious. 
Wouldn't you block it if you could for the sake of your network security 
and that of your users?

Justin
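The trade-off argued above (a short, rarely-changing filter of RFC 1918, Class D and Class E space versus a fuller bogon list that must be refreshed when blocks are allocated) can be shown in a few lines of Python. This is an added example, not code from the post or from any bogon-list project: the prefix lists, the "old" and "new" snapshots and the flow log lines are all constructed here, and the function names are ours.

```python
import ipaddress

# Constructed sample lists for this example, not a real bogon snapshot.
MINIMAL_FILTER = """# RFC 1918, Class D, Class E: the rarely-changing 'simpler' filter
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
"""
OLD_BOGONS = MINIMAL_FILTER + "1.0.0.0/8\n5.0.0.0/8\n"  # before an allocation
NEW_BOGONS = MINIMAL_FILTER + "5.0.0.0/8\n"             # 1.0.0.0/8 now allocated

# Constructed flow log lines: "src dst proto/port"
SAMPLE_LOG = """192.168.5.9 203.0.113.7 tcp/25
1.2.3.4 203.0.113.7 tcp/80
198.51.100.20 203.0.113.7 tcp/443
239.1.1.1 203.0.113.7 udp/5000
"""

def parse_prefixes(text):
    """One prefix per line; blank lines and '#' comments are ignored."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def match_prefix(addr, nets):
    """Most specific prefix in nets covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in nets if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def flag_bogon_sources(log_text, nets):
    """Map each flagged source address to the bogon prefix it fell in."""
    flagged = {}
    for line in log_text.splitlines():
        src = line.split()[0]
        hit = match_prefix(src, nets)
        if hit is not None:
            flagged[src] = str(hit)
    return flagged

def prefixes_gone_stale(old_text, new_text):
    """Prefixes in the old list but not the current one: now-legitimate
    space that a filter nobody updated keeps dropping."""
    old = {str(n) for n in parse_prefixes(old_text)}
    new = {str(n) for n in parse_prefixes(new_text)}
    return sorted(old - new)
```

Run against the current list, the log yields only the RFC 1918 and Class D sources; run against the stale list it also drops 1.2.3.4, which is exactly the collateral damage an unrefreshed bogon filter causes and why the post insists on automated updates.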
