Is it time to abandon bogon prefix filters?

Darden, Patrick S. darden at armc.org
Wed Aug 6 12:32:42 CDT 2008


1.  DOS of Cymru (as noted below).
2.  False Positives.  Your network is suddenly stranded.  Maybe on purpose. (DOS of a network, e.g. China or Youtube).
3.  False Negatives.  A bogus network is suddenly centrally rubber-stamped.  Could happen.  We've seen a lot of shenanigans with the domain registrars--similar issues could happen here.
.
.

I guess I am just trying to say that a centralized trusted repository brings with it a chance for a single point of failure.  Could be the pros outweigh the cons.  There are issues with a de-centralized system as well (which is what brought this conversation about.)  Nothing specific to Cymru.

--Patrick Darden


-----Original Message-----
From: Skywing [mailto:Skywing at valhallalegends.com]
Sent: Wednesday, August 06, 2008 1:25 PM
To: Patrick W. Gilmore; NANOG list
Subject: RE: Is it time to abandon bogon prefix filters?


Then again, it does make Team Cymru an attractive target for DoS or even compromise if they can control routing policy to a degree for a large number of disparate networks.  Especially if it gets in the way of for-profit spammers.

(Not trying to knock them, just providing a for consideration.  I would certainly hope and expect that Team Cymru would do their due dilligance in that respect, but it seems like an attractive central point of failure to attack to me.)

- S





More information about the NANOG mailing list