Who is announcing bogons?

Jack Bates jbates at brightok.net
Tue Apr 29 01:30:31 UTC 2003

Sean Donelan wrote:
> But my real question is why are negative bogon lists necessary?  If you
> ask providers, they all say they implement positive prefix list filters
> on all their customers.  So who is injecting the bogons?  And why do they
> still have a network connection?
This is true. Case in point: During this last month, a large provider 
not only routed a /16 network for their customer, they also sent in radb 
templates on behalf of their customer. The customer is a known rogue AS, 
but they still exist. This wasn't the first network they stole. They are 
US based, yet the network was registered to a company over seas. Untold 
numbers of spam were sent from that network for the hours that it was 
up. I only escaped because the spammers used a single word in the 
helo/ehlo parameter without a period and my server are in strict RFC mode.

> Should we be spending time teaching people how to do positive prefix
> filters, or trying to explain to them why the negative prefix filter
> the last network administrator installed 2 years ago is out of date.

Both. Knowledge is power. It is the only thing everyone can agree upon. 
We need to educate people. We need to stop being tolerant to servers, 
services and networks that are not RFC complaint. We need to teach 
people how to use their network. We need to inform people that there are 
communication channels on the Internet. Teach them about the various 
mailing lists and resources that they need. Open their eyes to the truth 
about the Internet and how fragile it truely is.

> What is the cross-over point?  When does the number of lines in a bogon
> list become larger than the positive prefix filter?  If you are going to
> list every sub-allocation which isn't routed, why not just list the
> allocations which should be routed?

It's been tried. See the routing registries. Yet, what do you do when 
it's not used or unverified data? What's to keep someone from 
registering in RADB and being considered "legitimate" even 
though the network belongs to IBM? There are networks that demand trust, 
and yet they are untrustworthy. Education is the key.


More information about the NANOG mailing list