69/8...this sucks -- Centralizing filtering..

E.B. Dreger eddy+public+spam at noc.everquick.net
Mon Mar 10 15:45:43 UTC 2003


MS> Date: Mon, 10 Mar 2003 10:27:35 -0500
MS> From: Mark Segal


MS> Since most service providers should be thinking about a sink
MS> hole network for security auditing (and backscatter),  why
MS> not have ONE place where you advertise all unreachable, or
MS> better yet -- a default (i.e. everything NOT learned through
MS> BGP peers), and just forward the packets to a bit bucket..
MS> Which is better than an access list since, now we are
MS> forwarding packets instead of sending them to a CPU to
MS> increase router load.

Chris Morrow and Brian Gemberling (a.k.a. dies) have some fine
instructions on how to do just that.  Rob Thomas has a bogon
route server that comes in handy.

The problem with only a default:  Think when a rogue ISP decides
to advertise an unused netblock and utilize that IP space for
malicious purposes.  A route exists... do we trust it?


MS> I don't think ARIN can help the situation.  ISPs just need to

Probably not.  Nor should they need to.  Although perhaps they
could allocate other netblocks, and they _do_ charge a fair
amount for PI space... ;-)


MS> remove the access lists from each router in the network and
MS> centralize them.

Now, how can we force that?  Sufficient reward for doing so, or
pain for failure.  Evidently "some people can't reach you" isn't
enough pain, and having full reachability isn't enough reward.

I'm looking forward to Jon Lewis (or others) providing some stats
about just how bad the problem is... being fortunate enough not
to have [any clients in] 69/8 space I can't comment first-hand on
the severity of the problem.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.
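As an added illustration of the two points made in the thread (a sinkhole default catches traffic to prefixes nobody announces, but a rogue announcement covering unallocated space is a more-specific route and wins over that default; and an ingress bogon filter that still lists 69/8 blackholes legitimate 69/8 traffic), here is a small Python model of longest-prefix matching plus an ingress filter. This is not code from the thread or from any of the people named in it; the route table, peer announcements and both bogon lists are constructed, and the only real facts it relies on are that 10.0.0.0/8 is private and 240.0.0.0/4 is reserved.

```python
"""Model: sinkhole default route + ingress bogon filter (added example, constructed data)."""
import ipaddress

# Constructed starting RIB: only a default route, pointing at the sinkhole ("bit bucket").
SINKHOLE_RIB = {"0.0.0.0/0": "sinkhole"}

# Constructed peer announcements. "peer-A" announces a legitimate /16 inside 69/8;
# "rogue-peer" announces a /16 inside reserved 240/4 that nobody should be using.
ANNOUNCEMENTS = [
    ("69.10.0.0/16", "peer-A"),
    ("240.1.0.0/16", "rogue-peer"),
]

# Constructed bogon lists. STALE still contains 69/8 (the thread's complaint);
# CURRENT has had it removed.
STALE_BOGONS = ["10.0.0.0/8", "240.0.0.0/4", "69.0.0.0/8"]
CURRENT_BOGONS = ["10.0.0.0/8", "240.0.0.0/4"]


def accept_announcement(prefix, bogons):
    """Ingress filter: reject any announced prefix that overlaps a bogon netblock."""
    net = ipaddress.ip_network(prefix)
    for bogon in bogons:
        bnet = ipaddress.ip_network(bogon)
        if net.subnet_of(bnet) or bnet.subnet_of(net):
            return False
    return True


def install_routes(announcements, bogons, rib):
    """Return a new RIB with every announcement that passes the filter installed."""
    new_rib = dict(rib)
    for prefix, nexthop in announcements:
        if accept_announcement(prefix, bogons):
            new_rib[prefix] = nexthop
    return new_rib


def lookup(dst, rib):
    """Forwarding decision: longest-prefix match over the RIB, None if no route."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, nexthop in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, nexthop
    return best_hop


if __name__ == "__main__":
    for label, bogons in (("no filter", []), ("stale list", STALE_BOGONS), ("current list", CURRENT_BOGONS)):
        rib = install_routes(ANNOUNCEMENTS, bogons, SINKHOLE_RIB)
        print(f"{label:13s} 240.1.2.3 -> {lookup('240.1.2.3', rib)}   69.10.1.1 -> {lookup('69.10.1.1', rib)}")
```

With no ingress filter, the rogue /16 beats the sinkhole default and traffic to 240.1.2.3 is handed to the rogue peer, which is exactly why a default-to-sinkhole alone is not a bogon filter. With the stale list the rogue route is dropped, but so is peer-A's 69.10.0.0/16, and everything in it is silently sinkholed. Only the current list gives the intended result for both.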




More information about the NANOG mailing list