RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all)

Tom Beecher beecher at beecher.cc
Tue Mar 7 23:45:29 UTC 2023


>
> They talk about bogon prefixes "for hosts", provide configuration
> examples for Cisco ASA firewalls,
>

Which are perfectly valid use cases for some networks / situations.

On Tue, Mar 7, 2023 at 6:35 PM Lukas Tribus <lukas at ltri.eu> wrote:

> On Wed, 8 Mar 2023 at 00:05, William Herrin <bill at herrin.us> wrote:
> > Hi Lukas,
> >
> > If you're using the team cymru bogon list at your customer border,
> > you're doing it wrong.
>
> I'm not.
>
> I'm trying to educate people that bogon lists do not belong on hosts,
> firewalls or intermediate routers, despite Team-cymru's aggressive
> marketing of the opposite, quote:
>
> > THE BOGON REFERENCE
> >
> > *A bogon prefix should never appear in the Internet routing table*.
> > Team Cymru’s Bogon Reference provides several resources for
> > the filtering of bogon prefixes from your routers *and hosts*.
>
>
> > A bogon prefix is a route that should never appear in the Internet
> > routing table. A packet routed over the public Internet (not including
> > over VPNs or other tunnels) *should never have an address in a
> > bogon range.* These are commonly found as the source addresses
> > of DDoS attacks.
>
> They either have to make it clear what their bogon list can actually
> be used for or they need to drop RFC6598 from the list.
>
> They talk about bogon prefixes "for hosts", provide configuration
> examples for Cisco ASA firewalls, and at the same time they include
> RFC6598 in the list, and its marketing material suggests it can be
> used for everything.
>
>
> You can't have it both ways. Either you provide a list of prefixes to
> be dropped on autonomous system borders *and make that clear* or you
> provide a list of prefixes that can be dropped in all systems.
>
>
>
> Lukas
>
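Lukas's point that a list containing RFC 6598 space cannot be dropped "in all systems" can be checked mechanically before a list is installed on a given box. The following is an added example, not code from this thread or from Team Cymru; the bogon entries, interface addresses and next-hops are constructed for illustration.

```python
import ipaddress

# Constructed subset of a host-oriented bogon list for this example; the
# lists Team Cymru publishes are longer and change over time.
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4",
    "240.0.0.0/4",
]

def device_ranges(interfaces, next_hops):
    """Prefixes a device legitimately exchanges packets with: the connected
    subnets of its interfaces plus the next-hop addresses it forwards to."""
    ranges = [ipaddress.ip_interface(i).network for i in interfaces]
    ranges += [ipaddress.ip_network(h) for h in next_hops]  # /32 host routes
    return ranges

def audit_bogon_list(bogons, interfaces, next_hops):
    """Return the bogon entries that overlap address space this device uses.
    Dropping those entries on this device would discard legitimate traffic,
    which is the failure mode of applying an AS-border list on a host."""
    used = device_ranges(interfaces, next_hops)
    conflicts = {}
    for entry in bogons:
        bogon = ipaddress.ip_network(entry)
        hits = [str(r) for r in used if bogon.overlaps(r)]
        if hits:
            conflicts[entry] = hits
    return conflicts

# Constructed example: a subscriber router behind carrier-grade NAT. Its WAN
# address is assigned from RFC 6598 shared space and its LAN is RFC 1918.
CGNAT_CPE = {
    "interfaces": ["100.70.12.34/22", "192.168.1.1/24"],
    "next_hops": ["100.70.12.1"],
}

# Constructed example: an AS border router with only globally routed addresses.
BORDER = {
    "interfaces": ["198.100.7.2/30", "198.100.9.1/31"],
    "next_hops": ["198.100.7.1", "198.100.9.0"],
}

if __name__ == "__main__":
    for name, dev in (("CGNAT CPE", CGNAT_CPE), ("AS border", BORDER)):
        bad = audit_bogon_list(BOGONS, dev["interfaces"], dev["next_hops"])
        print(f"{name}: {bad or 'no conflicts, full list is safe here'}")
```

On the CPE the audit flags 100.64.0.0/10 and 192.168.0.0/16 as entries that would cut off its own WAN and LAN; on the border router the same list raises no conflicts.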