Checking bogon status of new address space
Robert E. Seastrom
rs at seastrom.com
Tue May 12 11:54:49 UTC 2009

James Hess <mysidia at gmail.com> writes:
>> 29/256 = 11% of the available address space. My argument is, if
>> someone is scanning you from random source addresses blocking 10%
>> of the scan traffic is reaching a point of very little return for
>> the effort of updating the address lists, and as we all know it is
>> getting smaller and smaller.
>
> Granted, if the filters aren't updated very frequently, they're pretty bad.

That's the usual state of affairs, unfortunately.

> But.. I would suggest, basically, filtering bogons is still great and
> pretty important, it serves as an ongoing deterrent against random
> unruly networks trying to pick up the unassigned addresses, or
> treating the space as "Up for grabs" just because some space happens
> to be unannounced (and unassigned).

Gotta agree with Leo here. We can't even get people to implement
BCP-38, which is nine years old for crying out loud. The deployment
level at which bogon filtering is a deterrent to squatting is quite a
bit higher than the point at which it becomes an issue to legitimate
users.

I've considered static bogon filters to be a Worst Current Practice
for years. If you feel you absolutely must engage in the practice, use
a dynamic feed like Cymru's, but honestly, just let it go.

-r
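
An added illustration of the staleness problem this message discusses (not code from the thread or from any participant): a Python audit that reports static bogon filter entries overlapping address space that has since been allocated, plus the share of IPv4 space a filter list covers. The prefix lists are constructed sample values (documentation ranges and arbitrary /8s), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: a static filter list frozen at some past date,
# and prefixes allocated after that date. Not real registry data.
STATIC_BOGONS = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
NEWLY_ALLOCATED = ["198.51.100.128/25", "203.0.113.0/24"]


def stale_entries(static_bogons, allocated):
    """Return (filter_entry, allocated_prefix) pairs where a static bogon
    entry still blocks space that is now legitimately in use."""
    filters = [ipaddress.ip_network(p) for p in static_bogons]
    allocs = [ipaddress.ip_network(p) for p in allocated]
    hits = []
    for f in filters:
        for a in allocs:
            # overlaps() is true if either prefix contains part of the other
            if f.version == a.version and f.overlaps(a):
                hits.append((str(f), str(a)))
    return hits


def ipv4_fraction(prefixes):
    """Fraction of the whole IPv4 space covered by the given IPv4 prefixes.
    Overlapping or adjacent prefixes are collapsed so nothing counts twice."""
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(p) for p in prefixes
    )
    return sum(n.num_addresses for n in nets) / 2**32


def still_blocked(src, static_bogons):
    """True if a source address would be dropped by the static list."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in static_bogons)


if __name__ == "__main__":
    for entry, alloc in stale_entries(STATIC_BOGONS, NEWLY_ALLOCATED):
        print(f"stale: filter {entry} blocks allocated {alloc}")
    # 29 arbitrary /8s (constructed) to mirror the 29/256 figure in the thread
    slash8s = [f"{i}.0.0.0/8" for i in range(100, 129)]
    print(f"coverage: {ipv4_fraction(slash8s):.1%} of IPv4 space")
```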