Please Check Filters - BOGON Filtering IP Space

Bill Stewart nonobvious at
Fri Jan 21 19:39:00 UTC 2005

On Thu, 20 Jan 2005 20:16:14 +0530, Suresh Ramasubramanian
<ops.lists at> wrote:
> Analogies suck, but look at (for example) Norton AntiVirus.  You pay
> for a year of virus definition updates.  Then when the year runs out,
> Symantec is not going to give you a single new virus definition even
> if there's a new worm around that dwarfs Sobig, Klez and all the other
> viruses put together ...  I can see brand C following a similar
> strategy with their bogon updates.

The problem with this analogy is that the failure modes are opposite.
Once something is a virus, it stays a virus, so keeping it in your
virus file forever is fine; all you miss are the new viruses.
But once something is a bogon, it doesn't stay a bogon; it eventually
will get used, unless the Great IPv6 Revolution catches up with us first.
A slightly more conservative approach is to not list the next couple
of address blocks as bogons, but that just means that problems will occur
six months later when everybody's forgotten to update them.
             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
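
The failure mode described in the message above, as an added example that is not part of the original post: a static bogon filter is checked against space allocated since it was written, the stale entries are reported, and the allocated space is carved out of the filter. The prefixes, the allocation list and the function names are constructed for illustration and are not real registry data.

```python
import ipaddress

# Constructed sample data (not real allocation records): a filter written
# when two /8s were unallocated, and what a registry has handed out since.
STATIC_FILTER = ["10.0.0.0/8", "41.0.0.0/8", "73.0.0.0/8"]
NOW_ALLOCATED = ["41.0.0.0/8", "73.0.0.0/10"]


def stale_entries(bogon_filter, allocated):
    """Filter entries that now overlap allocated (legitimate) space."""
    allocs = [ipaddress.ip_network(a) for a in allocated]
    return [p for p in bogon_filter
            if any(ipaddress.ip_network(p).overlaps(a) for a in allocs)]


def refresh(bogon_filter, allocated):
    """Carve allocated space out of the filter; return the remaining bogons."""
    nets = [ipaddress.ip_network(p) for p in bogon_filter]
    for alloc in (ipaddress.ip_network(a) for a in allocated):
        kept = []
        for net in nets:
            if not net.overlaps(alloc):
                kept.append(net)          # untouched by this allocation
            elif net.subnet_of(alloc):
                continue                  # entry is fully allocated: drop it
            else:
                # CIDR blocks nest or are disjoint, so alloc lies inside net:
                # keep only the part of the entry that is still unallocated.
                kept.extend(net.address_exclude(alloc))
        nets = kept
    return [str(n) for n in sorted(nets)]


def would_drop(source_ip, bogon_filter):
    """True if an ingress filter built from bogon_filter drops this source."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(p) for p in bogon_filter)


if __name__ == "__main__":
    print("stale:", stale_entries(STATIC_FILTER, NOW_ALLOCATED))
    fresh = refresh(STATIC_FILTER, NOW_ALLOCATED)
    print("refreshed:", fresh)
    # A host in newly allocated space is dropped by the old filter only.
    print(would_drop("73.1.2.3", STATIC_FILTER), would_drop("73.1.2.3", fresh))
```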
