Is it time to abandon bogon prefix filters?

Laurence F. Sheldon, Jr. LarrySheldon at cox.net
Wed Aug 6 10:46:35 CDT 2008


Leo Bicknell wrote:

> Have bogon filters outlived their use?  Is it time to recommend people
> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
> doesn't need to be updated as frequently?

Seems like filtering against those could be done on the backplane, so to 
speak.

One of the things that has always puzzled me is this:

In the default-free zone, why is necessary to filter _against_ anybody? 
  Seems like traffic for which there is no route would at most be dumped 
to an error-log someplace.

For folks with a default route, I have long advocated (with no success 
what ever) filtering against stuff like the above, your own networks as 
sourced somewhere else, such.

I also think a central blacklist a la spamhaus for networks makes sense.
-- 
Requiescas in pace o email              Two identifying characteristics
                                              of System Administrators:
Ex turpi causa non oritur actio        Infallibility, and the ability to
                                              learn from their mistakes.
Eppure si rinfresca

ICBM Targeting Information:     http://tinyurl.com/4sqczs




More information about the NANOG mailing list