IPv6 PI block is announced - update your filters 2620:0000::/23

• Previous message (by thread): IPv6 PI block is announced - update your filters 2620:0000::/23
• Next message (by thread): IPv6 PI block is announced - update your filters 2620:0000::/23
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Sep 2006, Randy Bush wrote:

>> Call me naive, but could somebody enlighten me as to what tangible benefit 
>> filtering out bogon space actually achieves? It strikes me that it causes 
>> more headaches than it solves.
>
> the theory is that it means you have no route to send responses back to an 
> attacker who uses tcp, i.e. a spammer.

IANA-based data bogon filters are in fact mostly useful to filter attack
issues using udp-based and similar protocols that don't require session 
establishment.

> the practice is that spammers use holes or super-blocks of allocated, i.e. 
> not bogon, space.  they are not stupid.

It is still bogon space and completewhois bogon list catches most of those.
Those that don't get caught are the ones where allocation exists but ip 
space is not being used (i.e. not advertised in bgp) and then doing 
super-block works for the spammer (there are ways to filter that as
well actually but you ran risk of filtering those doing aggregation).

And do remember that original question was about IPv6 allocation.
Personally I don't know any spammers using ipv6 bogon space [yet]...

> so your point is well taken.
>
> randy

• Previous message (by thread): IPv6 PI block is announced - update your filters 2620:0000::/23
• Next message (by thread): IPv6 PI block is announced - update your filters 2620:0000::/23
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]