Is it time to abandon bogon prefix filters?

• Previous message (by thread): Is it time to abandon bogon prefix filters?
• Next message (by thread): Is it time to abandon bogon prefix filters?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>> In other words, our earlier estimate of 60% was way off...  you can
>>> get 92.1% effectiveness at bogon filtering by just dropping 1918
>>> addresses, a filter that you will never have to change.
>> my read is that the 60% was an alleged 60% of attacks came from *all*
>> bogon space.  this now seems in the low single digit percentge.  of
>> that, the majority is from 1918 space.
> so is there any case to be made for filtering bogons on
> upstream/peering ingress at all anymore?

maybe low percent is because it is effective.  maybe not

---

man walks into shrink's office waving open newspaper wildly.

shrink asks "why are you waving the newspaper?"

man replies, "it keeps the elephants away."

shrink says, "elephants?  there aren't any elephants for hundreds of
kilometers."

man replies, "pretty effective, isn't it!"

---

personal guess: i suspect that at least rfc1918 filters are worthwhile
if only because we make mistakes.

randy

• Previous message (by thread): Is it time to abandon bogon prefix filters?
• Next message (by thread): Is it time to abandon bogon prefix filters?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]