Bogon list or Dshield.org type list
jnull
jnull at truerouting.com
Sun Jul 28 03:25:01 UTC 2002
Alsato,
I have recently begun using Bogon Lists myself, after some research and
convincing advice I received from members of this list. However, I do
not agree with the terminology. A Bogon List is absolute (termed from
Bogus, derived from bogus or unreal). The only addresses I would place
in this list are address blocks that have not been assigned—adding 1918
at borders. Other routes, determined malevolent or non-existent should
be configured case-by-case. I don’t believe I would trust any source as
definitive. It has already proven a valuable measure against unwanted
traffic, as you can see in a one-week timespan:
Extended IP access list 120 (Compiled)
permit tcp any any established (243252113 matches)
deny ip 0.0.0.0 1.255.255.255 any (825328 matches)
deny ip 2.0.0.0 0.255.255.255 any (413487 matches)
deny ip 5.0.0.0 0.255.255.255 any (410496 matches)
deny ip 7.0.0.0 0.255.255.255 any (413621 matches)
deny ip 10.0.0.0 0.255.255.255 any (1524547 matches)
deny ip 23.0.0.0 0.255.255.255 any (411623 matches)
deny ip 27.0.0.0 0.255.255.255 any (414992 matches)
deny ip 31.0.0.0 0.255.255.255 any (409379 matches)
deny ip 36.0.0.0 1.255.255.255 any (822904 matches)
deny ip 39.0.0.0 0.255.255.255 any (415316 matches)
deny ip 41.0.0.0 0.255.255.255 any (412452 matches)
deny ip 42.0.0.0 0.255.255.255 any (408982 matches)
deny ip 49.0.0.0 0.255.255.255 any (412448 matches)
deny ip 50.0.0.0 0.255.255.255 any (411544 matches)
deny ip 58.0.0.0 0.255.255.255 any (409797 matches)
deny ip 59.0.0.0 0.255.255.255 any (409663 matches)
deny ip 60.0.0.0 0.255.255.255 any (411317 matches)
deny ip 69.0.0.0 0.255.255.255 any (409853 matches)
deny ip 70.0.0.0 1.255.255.255 any (833182 matches)
deny ip 72.0.0.0 7.255.255.255 any (3300703 matches)
deny ip 82.0.0.0 1.255.255.255 any (828636 matches)
deny ip 84.0.0.0 3.255.255.255 any (1650688 matches)
deny ip 88.0.0.0 7.255.255.255 any (3301130 matches)
deny ip 96.0.0.0 31.255.255.255 any (13193345 matches)
deny ip 169.254.0.0 0.0.255.255 any (204893 matches)
deny ip 172.16.0.0 0.15.255.255 any (48290 matches)
deny ip 192.0.2.0 0.0.0.255 any (201 matches)
deny ip 192.168.0.0 0.0.255.255 any (326367 matches)
deny ip 197.0.0.0 0.255.255.255 any (409469 matches)
deny ip 198.18.0.0 0.1.255.255 any (3201 matches)
deny ip 201.0.0.0 0.255.255.255 any (410619 matches)
deny ip 222.0.0.0 1.255.255.255 any (823491 matches)
deny ip 223.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any (13165320 matches)
permit ip any any (600152250 matches)
For more detailed information on the subject matter, contact Rob Thomas
or John Brown—also NANOG members.
Good luck with you endeavors; you’re on the right track.
Jeff
PGP: 0x54B1A25C
"There are 10 types of people:
those that understand binary,
and those that do not.
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 7:08 PM
To: nanog at merit.edu
Subject: Bogon list or Dshield.org type list
Im wondering how many of you use Bogon Lists and
http://www.dshield.org/top10.html type lists on your routers? Im
curious to know if you are an ISP with customers or backbone provider
or someone else? I have a feeling not many people use these on
routers? Im wondering why or why not?
Ive never used them on my routers although I work for a new isp/cable
provider. Im thinking it would make my users happy to use them though.
alsato
More information about the NANOG
mailing list