Checking bogon status of new address space

Owen DeLong owen at delong.com
Fri May 8 13:49:01 CDT 2009


>
> 29/256 = 11% of the available address space.  My argument is, if
> someone is scanning you from random source addresses blocking 10%
> of the scan traffic is reaching a point of very little return for
> the effort of updating the address lists, and as we all know it is
> getting smaller and smaller.
>
True, but, random is not the only thing at issue here. It is popular for
fraudulent web sites to set up within these unallocated /8s, and,
having them rejected by route filters is a good thing.

Having Team Cymru able to further deploy lists of addresses
with no valid POCs will be an additional win in this arena, and,
I encourage them to do so.

> To that end, I believe the recommendation should be to move to a
> martian-only filter over the next 12-24 months.  This lines up with
> the time frame at which all /8's are likely to be allocated.  Of
> course the full list of unallocated /8's should still be produced
> for those who want it, I'm not advocating that anything go away,
> just that I feel like we are at the point where the value of the
> list is lower than the effort to maintain it for the /average/ user
> of the list.
>
I think that's premature at best, and, a boon to abuse at worst.

Owen





More information about the NANOG mailing list