Is it time to abandon bogon prefix filters?

Patrick W. Gilmore patrick at ianai.net
Wed Aug 6 14:55:44 UTC 2008


On Aug 6, 2008, at 10:28 AM, Rob Thomas wrote:

> This makes sense especially for static filters.  Automated feeds,
> such as the bogon route-server or DNS zones, leave folks with
> options.

Honestly, I don't believe the 80/20 rule applies here.

Until all transit networks are willing to strictly filter their  
downstreams (and themselves!), if there is any unused space (note I  
said "unused", not "unallocated"), the miscreants will use it.  They  
are not going around saying "oh, damn, there are only a few /8s left,  
we better stop!".

Filter your bogons.  But do it in an automated fashion, from a trusted  
source.

Of course, I recommend Team Cymru, which has a most sterling record.   
Nearly perfect (other than the fact they still recommend MD5 on BGP  
sessions :).

-- 
TTFN,
patrick




