Where are static bogon filters appropriate? was: 184.108.40.206/16 Bogons
peter at peter-dambier.de
Sun Mar 4 03:25:13 UTC 2007
This can proof the opposite.
Malware comes from redirected allocated blocks, not from bogons.
Peter and Karin
Sean Donelan wrote:
> On Fri, 2 Mar 2007, Daniel Senie wrote:
>> How do you know, if you're the one being attacked and you have no idea
>> if the originating network or their immediate upstream implemented
>> BCP38? Shall we just discard ingress filtering? If few attacks are
>> using it today, should we declare it no longer relevant? At the same
>> time we should ask if we should be x-raying shoes at the airport,
>> since there's only been one guy who tried to blow up his shoes. The
>> larger security question is, "do you stop looking for old threats
>> simply because they're not the most common threats?" How many CodeRed
>> packets flow over the Internet on a typical day? I assure you it's not
> Show me the data.
> How many CodeRed packets originate from unallocated addresses?
> Is the proposal actually effective at detecting or protecting against
> the threat? Or is it just a wasted effort for show?
> Instead of dropping packets with unallocated sources addresses, perhaps
> backbones should shutdown interfaces they receive packets from
> unallocated address space. Would this be more effective at both
> stopping the sources of unallocated addresses; as well as sources that
> spoof other addresses because the best way to prevent your interface
> from being shutdown by backbone operators is to be certain you only
> transmit packets with your source addresses.
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
More information about the NANOG