Is it time to abandon bogon prefix filters?
robt at cymru.com
Thu Aug 7 16:38:47 CDT 2008
Hi, NANOG (he says with a shout)!
> btw, patrick neglected the last sentences of that paragraph, which made
> me wonder what rob would actually say. luckily, in response to my post,
> rob replied that he/they would try to get some useful measures in the
> near term. i am patient.
Yep yep, have some results at last. Sorry, the queries took a bit
longer than planned.
Note that the study I conducted which populated the "60 Days of Basic
Naughtiness" presentation is now years old. Such studies, like me,
don't necessarily age well. :)
This is not meant to replace a more comprehensive and clueful study by
the likes of Vern, Stefan, and the CAIDA crew. As folks may know we
have a large Darknet project. In there we collect the scanning
activity of malware, backscatter, and the like. Often we can tie the
scanning pattern to a family of malware or maltool.
If the source of a scan or probe is a bogon, we tag it that way in our
data store. I went back to 2008-01 and found the following percentages
of bogons in our data:
2008-08: 0.001258054% (thus far)
That's not a lot of bogon activity in the Darknets, though Darknets are
only one measure of malevolent traffic. Your mileage may vary, etc.
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the NANOG