Is it time to abandon bogon prefix filters?

Sean Donelan sean at donelan.com
Tue Aug 26 02:28:04 CDT 2008


On Sun, 24 Aug 2008, Tomas L. Byrnes wrote:
> You're missing one of the basic issues with bogon sources: they are
> often advertised bogons, IE the bad guy DOES care about getting the
> packets back, and has, in fact, created a way to do so.
>
> This is usually VERY BAD traffic, and EVEN WORSE if a user goes TO a
> site hosted in such IP space.
>
> So, Bogon filtering has value beyond mere spoofed source rejection.


Unmanaged (or semi-managed) routers probably should not be running
BGP or other exterior routing protocols.  Unmanaged routers with BGP
provide more opportunities to create havoc and mischief.








More information about the NANOG mailing list