Is it time to abandon bogon prefix filters?
Danny McPherson
danny at tcb.net
Fri Aug 15 04:09:58 UTC 2008
On Aug 6, 2008, at 9:01 AM, Randy Bush wrote:
>
> serious curiosity:
>
> what is the proportion of bad stuff coming from unallocated space vs
> allocated space? real measurements, please. and are there
> longitudinal
> data on this?
>
> are the uw folk, gatech, vern, ... measuring?
Some data from our anonymous stats program
(currently ~90 ISPs) included below. In short,
~3% of 727k attacks we've seen over the last
631 days employed bogon source addresses.
(definition of what constitutes "attack" is subjected to
reporting participant operational policy, but these are
primarily rate-based DDoS attacks)
-danny
---
General Statistics
total_days 631
total_attacks 1137265
avg_attacks_day 1802
avg_collectors_day 47
avg_attacks_collector_day 38
total_good_attacks 727410 63.96%
---
Bogon Summary
bogon block attacks % of attacks
0.0.0.0/7 65 0.01
2.0.0.0/8 3 0.00
5.0.0.0/8 3 0.00
10.0.0.0/8 8794 1.21
23.0.0.0/8 4 0.00
27.0.0.0/8 7 0.00
92.0.0.0/6 101 0.01
100.0.0.0/6 374 0.05
104.0.0.0/5 303 0.04
112.0.0.0/5 775 0.11
120.0.0.0/8 45 0.01
127.0.0.0/8 6 0.00
172.16.0.0/12 3646 0.50
174.0.0.0/7 1 0.00
176.0.0.0/5 1 0.00
192.168.0.0/16 7451 1.02
223.0.0.0/8 10 0.00
224.0.0.0/3 8 0.00
bogonTotal 21597 2.97
More information about the NANOG
mailing list