Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

• Previous message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Next message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 01 Mar 2007 21:08:59 EST, "Steven M. Bellovin" said:
> On Thu, 01 Mar 2007 14:22:37 +0000 (GMT)> "Chris L. Morrow" <christopher.morrow at verizonbusiness.com> wrote:
> > So, where are static bogon filters appropriate? (loaded question
> > perhaps) I ask because just about every 'security expert' and
> > 'security whitepaper' or 'security suggestions' has some portion that
> > speaks to "why it's a grand idea to have acl-lines/firewall-policy tp
> > block 'bogon' ip space" (for some definition of 'bogon' of course).

> Well, not all of us advocate that; see
> http://www.merit.edu/mail.archives/nanog/2006-01/msg00150.html  

Well Steve, it's like this:  There are (a) security experts, (b) "security
experts", and (c) guys that spend their day making things usable in spite of
what the rest of the net throws in their AS's direction.  You're an example of
one, I'm an example of another, and the advocates of static bogon filters are
an example of the third.  Figuring out which is which is left as an exercise
for the reader...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070301/5581c300/attachment.sig>

• Previous message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Next message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]