Checking bogon status of new address space

Leo Bicknell bicknell at
Fri May 8 12:39:55 CDT 2009

In a message written on Fri, May 08, 2009 at 12:27:29PM -0500, Rob Thomas wrote:
> This is the primary reason we removed the static bogon lists from our
> Secure [BIND|IOS|BGP] Templates.  My thanks to Randy Bush (and a few
> other folks) for the suggestion.

I want to thank Team Cymru for their effort in maintaining this
list over time; it's done a lot of people a lot of good.

I would also like to recommend that it's time to completely update
the text on to reflect
the new reality.  Looking at (bogons, bit
notation, not aggregated) I see there are only 39 entries in the
list.  Ten of these entries are martians, and should remain:

The other 29 are the unallocated /8's:

29/256 = 11% of the available address space.  My argument is, if
someone is scanning you from random source addresses, blocking 10%
of the scan traffic is reaching a point of very little return for
the effort of updating the address lists, and as we all know it is
getting smaller and smaller.

To that end, I believe the recommendation should be to move to a
martian-only filter over the next 12-24 months.  This lines up with
the time frame at which all /8's are likely to be allocated.  Of
course the full list of unallocated /8's should still be produced
for those who want it, I'm not advocating that anything go away,
just that I feel like we are at the point where the value of the
list is lower than the effort to maintain it for the /average/ user
of the list.

I think this is in line with the removal of the static bogon filters
from the secure templates and would provide better advice to people
reading the document for the first time.

       Leo Bicknell - bicknell at - CCIE 3440
        PGP keys at

More information about the NANOG mailing list