Bogon filtering (don't ban me)
David Barak
thegameiam at yahoo.com
Fri Dec 3 15:08:13 UTC 2004
--- "J. Oquendo" <sil at politrix.org> wrote:
> I thought about it over and over, and wonder why this hasn't been done.
> Anyone care to beat me with a clue stick or two? I can understand the
> arguments of not wanting a vendor to have control of some aspect of my
> business, or control over my network, but correct me if I am wrong,
> wouldn't this solve a heck of a lot of issues concerning network based
> attacks, spam, scumware/spyware/fooware/$*something?

Vendor C has something similar, in their "autosecure"
feature. However, the trouble is that the list of
bogon networks is static, and in fact includes 70/8
among many others. This is (I'm certain) contributing
to the reachability issues that those folks with new
netblocks experience.

A better implementation would be for vendors to
include a "bogon-subscribe server x.x.x.x" feature,
which would simply allow a router to talk to a
centralized bogon server.

However, the complexity of setting up the real-time
BGP bogon feeds is not that hard - anyone who would
use the above command could do it - so I'm not sure
that this requires any new tools.

=====
David Barak
-fully RFC 1925 compliant-
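
The stale-list problem described in the message, as an added example that is not part of the original post: it audits a static bogon list against a snapshot of allocated space and carves the allocated blocks out. Both lists are constructed samples (70.0.0.0/8 is the block named in the message), and `prune_bogons` and `is_dropped` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: a bogon list frozen into a router template at some past date.
STATIC_BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "70.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16"]
# Constructed sample: space handed out since then (70/8 is the block named in the message).
ALLOCATED = ["70.0.0.0/8"]

def prune_bogons(static, allocated):
    """Return (stale, pruned): static entries that overlap allocated space,
    and the static list with every allocated block carved out of it."""
    alloc = [ipaddress.ip_network(a) for a in allocated]
    stale, pruned = [], []
    for entry in map(ipaddress.ip_network, static):
        remaining = [entry]
        for a in alloc:
            nxt = []
            for r in remaining:
                if not r.overlaps(a):
                    nxt.append(r)                       # untouched by this allocation
                elif a.subnet_of(r):
                    nxt.extend(r.address_exclude(a))    # keep only the unallocated part
                # otherwise r lies wholly inside a: fully allocated, drop it
            remaining = nxt
        if remaining != [entry]:
            stale.append(str(entry))
        pruned.extend(remaining)
    return stale, [str(n) for n in ipaddress.collapse_addresses(pruned)]

def is_dropped(src, bogons):
    """True if a source address would match any prefix in the filter list."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(b) for b in bogons)

if __name__ == "__main__":
    stale, pruned = prune_bogons(STATIC_BOGONS, ALLOCATED)
    print("stale entries:", stale)
    print("pruned list:  ", pruned)
    # 70.1.2.3 is a constructed address inside the newly allocated block.
    print("70.1.2.3 dropped by static list:", is_dropped("70.1.2.3", STATIC_BOGONS))
    print("70.1.2.3 dropped by pruned list:", is_dropped("70.1.2.3", pruned))
```

Run against the prefix list extracted from a deployed filter and a current allocation snapshot, the `stale` output is the set of entries that are dropping legitimate traffic.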