Is it time to abandon bogon prefix filters?

Robert E. Seastrom rs at seastrom.com
Thu Aug 7 14:29:41 CDT 2008


"Patrick W. Gilmore" <patrick at ianai.net> writes:

> How much does it help to filter the bogons? In one study conducted by
> Rob Thomas of a frequently attacked site, fully 60% of the naughty
> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)

Stated another way, you can get 60% success on bogon filtering by
ignoring the free pool (which is getting smaller over time which
indicates the value in filtering it is asymptotic to zero) and only
filtering obvious crud, whose definition is not going to change over time.

In other words, Leo is right, and I'd submit that we're past the point
where putting in non-auto-updated filters for the free pool has a
value that exceeds the operational cost of dealing with their
lossage...  by a couple of years.

-r
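An added example, not part of the original message: a static filter for special-use source ranges run beside a hand-maintained free-pool filter that has gone stale. The prefix lists, the "since allocated" set and the sample sources are constructed for illustration and are not registry data.

```python
import ipaddress

# Assumed static special-use ranges (the "obvious crud"); fixed by RFC,
# so this list does not go stale as address space is allocated.
STATIC_MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed sample data, not registry data: a hand-maintained free-pool
# filter as installed, and the part of it that has since been allocated.
STALE_FREE_POOL = [ipaddress.ip_network(p) for p in ("1.0.0.0/8", "5.0.0.0/8")]
SINCE_ALLOCATED = [ipaddress.ip_network("1.0.0.0/8")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def classify(src):
    """Return 'martian', 'free-pool' or 'pass' for one source address."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, STATIC_MARTIANS):
        return "martian"
    if _in_any(addr, STALE_FREE_POOL):
        return "free-pool"
    return "pass"


def audit(sources):
    """Count verdicts and list sources the stale filter drops wrongly."""
    counts = {"martian": 0, "free-pool": 0, "pass": 0}
    wrongly_dropped = []
    for src in sources:
        verdict = classify(src)
        counts[verdict] += 1
        if verdict == "free-pool" and _in_any(ipaddress.ip_address(src), SINCE_ALLOCATED):
            wrongly_dropped.append(src)
    return counts, wrongly_dropped


# Constructed packet sources; the first two are the examples quoted above.
SAMPLE_SOURCES = ["127.1.2.3", "0.5.4.3", "10.9.8.7", "1.2.3.4", "5.6.7.8", "8.8.8.8"]

if __name__ == "__main__":
    counts, wrongly_dropped = audit(SAMPLE_SOURCES)
    print(counts)
    print(wrongly_dropped)
```

The static list keeps matching correctly without maintenance, while every entry in the free-pool list becomes a wrongful drop once that block is allocated and the filter is not updated.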





