Please Check Filters - BOGON Filtering IP Space

Chris A. Epler cepler at
Thu Jan 20 18:20:45 UTC 2005

Jared Mauch wrote:

| 	I'm not saying this to trash cisco, many people there know that,
| but the important thing is insuring that the global internet isn't
| further harmed, and as more allocations are done the harm becomes
| greater and it hurts every single person in this industry, providers
| and vendors alike.

k, bit my tongue as much as I could...  But I gotta vent ;-P

So, Cisco provides this 'AutoSecure' function and everyone jumps all
over the static bogon list.  Why?  Hello?  The basic idea here is that
it gets you decent out of the box setup defaults which you tailor after
running it, right?  (NOTE: I haven't actually hit the AUTOSECURE button
yet, just read a little about it)

What's so bad about decent secure defaults?  I just see it as a shortcut
to getting a router online, not a solution to security.  If you're
implementing a new router and setting up Bogon filters you should
already know that they'll need to be updated regularly and should
replace the access list with a refreshed one using the autosecure
configuration as a TEMPLATE that you work off of.  If you don't know
this, then you shouldn't be in charge of said router.  Am I missing
something here???

- --
~     /"\
~      X        AGAINST HTML MAIL
~     / \
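
The message above argues that a static bogon list is a template to be refreshed as address space gets allocated. The following is an added example, not part of the original post and not Cisco's code: it audits static deny entries against a list of allocated prefixes. The ACL lines, the allocated prefixes and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: static bogon entries as they might sit in a router config.
SAMPLE_ACL = """\
access-list 100 deny ip 0.0.0.0 0.255.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 41.0.0.0 0.255.255.255 any
access-list 100 deny ip 73.0.0.0 0.255.255.255 any
access-list 100 deny ip 192.0.2.0 0.0.0.255 any
access-list 100 permit ip any any
"""

# Constructed sample: prefixes assumed to have been allocated since the
# template was written. In practice this comes from a current registry feed.
SAMPLE_ALLOCATED = ["41.128.0.0/9", "73.0.0.0/8"]

DENY_RE = re.compile(r"^access-list\s+\d+\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any$")


def wildcard_to_network(addr, wildcard):
    """Convert an address plus wildcard (inverse) mask into an IPv4Network."""
    inverse = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverse)
    # Raises ValueError for non-contiguous masks or host bits set in addr.
    return ipaddress.ip_network(f"{addr}/{netmask}")


def stale_entries(acl_text, allocated):
    """Return (acl_line, [overlapping allocated prefixes]) for each deny
    entry that now blocks address space that has been allocated."""
    allocated_nets = [ipaddress.ip_network(p) for p in allocated]
    findings = []
    for raw in acl_text.splitlines():
        line = raw.strip()
        match = DENY_RE.match(line)
        if not match:
            continue  # permit lines, remarks, anything that is not a deny
        denied = wildcard_to_network(match.group(1), match.group(2))
        # overlaps() also catches an allocation that is only part of the deny.
        hits = [str(net) for net in allocated_nets if denied.overlaps(net)]
        if hits:
            findings.append((line, hits))
    return findings


if __name__ == "__main__":
    for line, hits in stale_entries(SAMPLE_ACL, SAMPLE_ALLOCATED):
        print(f"STALE: {line}  <- now allocated: {', '.join(hits)}")
```
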