Where are static bogon filters appropriate? was: 22.214.171.124/16 Bogons
adrian at creative.net.au
Fri Mar 2 04:25:52 UTC 2007
On Thu, Mar 01, 2007, Roland Dobbins wrote:
> On Mar 1, 2007, at 1:10 PM, Chris L. Morrow wrote:
> >So... again, are bogon filters 'in the core' useful? (call 'core' some
> >network not yours)
> Antispoofing is 'static' and therefore brittle in nature, people
> change jobs, etc. - so, we shouldn't do antispoofing, either?
> Enterprises typically don't do this stuff. They should, and we work
> to educate them, but it's even more difficult in that space than in
> the SP space.
> A question I have is whether or not this class of problems is more of
> a 'need the vendors to come up with better/easier functionality' type
> of problem, a 'need the SPs to do a better job with this' kind of
> problem, or is it more in the realm of a 'TCP/IP in its current
> incarnation(s) lends itself these kinds of issues' type of problem?
As stuff like Ironport shows - you'll probably have better market penetration
by making a little knob labelled "filter unknown and unallocated IP prefixes
(default on)" on a nice shiny firewall appliance/blade and charge the
enterprise $150pm to keep this up to date.
(Then another for "filter hosts actively involved in hacking attempts" for
another $300 pm.)
(And, finally, "check active IP(s) that I'm transiting against the various
list(s) of botnet and CERT related activities, send SNMP trap when
matches are found" for even more.)
More information about the NANOG