Is it time to abandon bogon prefix filters?
Robert E. Seastrom
rs at seastrom.com
Fri Aug 15 10:54:48 CDT 2008
Randy Bush <randy at psg.com> writes:
>>> Again, I think bogon filters are a bad idea for unmanaged or
>>> semi-managed routers (or inclusion as a "default" in anything,
>>> i.e. Cisco's auto-secure).
>> You make a very good point about the difference between routers that
>> are being routinely maintained by highly clueful people and routers
>> that are in the field and untouched/unloved for months to years at a

> in the field != untouched/unloved

That's why I used the conjunction "and".

> i contend that all one's routers should be rigorously configured as
> programmatically as possible.

Not sure what you mean by this, but the painful reality is that most
stuff, once deployed, gets promptly forgotten about, much the same as
you might ignore a wall wart power supply under your desk until it
started smelling funny or stopped delivering electricity. Thus, I
contend that one's routers should be configured to avoid ticking time
bombs. As smb so eloquently just asserted, "availability is a
security issue too".