Checking bogon status of new address space

Robert E. Seastrom rs at seastrom.com
Tue May 12 06:54:49 CDT 2009


James Hess <mysidia at gmail.com> writes:

>> 29/256 = 11% of the available address space.  My argument is, if
>> someone is scanning you from random source addresses blocking 10%
>> of the scan traffic is reaching a point of very little return for
>> the effort of updating the address lists, and as we all know it is
>> getting smaller and smaller.
>
> Granted, if the filters aren't updated very frequently, they're pretty bad.

That's the usual state of affairs, unfortunately.

> But.. I would suggest, basically, filtering bogons is still great and
> pretty important, it serves as an ongoing deterrant against random
> unruly networks trying to pick up the unassigned  addresses, or
> treating the space as  "Up for grabs" just because some space  happens
> to be unannounced (and unassigned).

Gotta agree with Leo here.  We can't even get people to implement
BCP-38, which is nine years old for crying out loud.  The deployment
level at which bogon filtering is a deterrent to squatting is quite a
bit higher from the point at which it becomes an issue to legitimate
users.

I've considered static bogon filters to be a Worst Current Practice
for years.  If you feel you absolutely must engage in the practice use
a dynamic feed like Cymru's, but honestly, just let it go.

-r












More information about the NANOG mailing list