Who is announcing bogons?
jbates at brightok.net
Tue Apr 29 01:30:31 UTC 2003
Sean Donelan wrote:
> But my real question is why are negative bogon lists necessary? If you
> ask providers, they all say they implement positive prefix list filters
> on all their customers. So who is injecting the bogons? And why do they
> still have a network connection?
This is true. Case in point: During this last month, a large provider
not only routed a /16 network for their customer, they also sent in radb
templates on behalf of their customer. The customer is a known rogue AS,
but they still exist. This wasn't the first network they stole. They are
US based, yet the network was registered to a company over seas. Untold
numbers of spam were sent from that network for the hours that it was
up. I only escaped because the spammers used a single word in the
helo/ehlo parameter without a period and my server are in strict RFC mode.
> Should we be spending time teaching people how to do positive prefix
> filters, or trying to explain to them why the negative prefix filter
> the last network administrator installed 2 years ago is out of date.
Both. Knowledge is power. It is the only thing everyone can agree upon.
We need to educate people. We need to stop being tolerant to servers,
services and networks that are not RFC complaint. We need to teach
people how to use their network. We need to inform people that there are
communication channels on the Internet. Teach them about the various
mailing lists and resources that they need. Open their eyes to the truth
about the Internet and how fragile it truely is.
> What is the cross-over point? When does the number of lines in a bogon
> list become larger than the positive prefix filter? If you are going to
> list every sub-allocation which isn't routed, why not just list the
> allocations which should be routed?
It's been tried. See the routing registries. Yet, what do you do when
it's not used or unverified data? What's to keep someone from
registering 126.96.36.199/16 in RADB and being considered "legitimate" even
though the network belongs to IBM? There are networks that demand trust,
and yet they are untrustworthy. Education is the key.
More information about the NANOG