Where are static bogon filters appropriate? was: Bogons

Peter Dambier peter at peter-dambier.de
Sun Mar 4 03:25:13 UTC 2007



This can prove the opposite.

Malware comes from redirected allocated blocks, not from bogons.

Kind regards
Peter and Karin

Sean Donelan wrote:
> On Fri, 2 Mar 2007, Daniel Senie wrote:
>> How do you know, if you're the one being attacked and you have no idea 
>> if the originating network or their immediate upstream implemented 
>> BCP38? Shall we just discard ingress filtering? If few attacks are 
>> using it today, should we declare it no longer relevant? At the same 
>> time we should ask if we should be x-raying shoes at the airport, 
>> since there's only been one guy who tried to blow up his shoes. The 
>> larger security question is, "do you stop looking for old threats 
>> simply because they're not the most common threats?" How many CodeRed 
>> packets flow over the Internet on a typical day? I assure you it's not 
>> zero.
> Show me the data.
> How many CodeRed packets originate from unallocated addresses?
> Is the proposal actually effective at detecting or protecting against 
> the threat?  Or is it just a wasted effort for show?
> http://www.tsa.gov/press/happenings/kip_hawley_x-ray_remarks.shtm
> Instead of dropping packets with unallocated source addresses, perhaps 
> backbones should shut down interfaces they receive packets from 
> unallocated address space.   Would this be more effective at both 
> stopping the sources of unallocated addresses; as well as sources that 
> spoof other addresses because the best way to prevent your interface 
> from being shut down by backbone operators is to be certain you only 
> transmit packets with your source addresses?

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
