On 3/7/23 4:34 PM, Lukas Tribus wrote:
> I'm trying to educate people that bogon lists do not belong on hosts, 
> firewalls or intermediate routers, despite Team-cymru's aggressive 
> marketing of the opposite, quote:

I don't have any problem with bogon lists being on hosts or intermediate 

The thing that you have to remember to do is to exclude locally 
significant (100.64/10, RFC 1918, et al.) from those filters /or/ 
account for them in another way.

I have bogons on some hosts /and/ locally significant / more specific 
routes to 100.64/16 without any problem.

Bogons is just a list of IPs that shouldn't be on the open Internet. 
But that same list can be re-used ~> abused elsewhere without.  How that 
list is used is installation specific.  If you're running default free, 
make sure that you remove the bogon prefixes from your routing tables 
/and/ /then/ (re)add any locally significant prefixes.

The Team Cymru bogon list is a tool and, like all tools, it can be 
misused and become a foot gun.

Grant. . . .
unix || die
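
Added example, not part of the message above: one way to carve locally significant prefixes out of a bogon list before it is loaded into a host or router filter. The bogon entries are a constructed sample of well-known special-purpose ranges (not the Team Cymru feed), and the LOCAL prefixes and function names are assumptions for a hypothetical site.

```python
import ipaddress

# Constructed sample: a few special-purpose IPv4 ranges, not a real bogon feed.
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
          "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16"]
# Assumed locally significant prefixes for this hypothetical installation.
LOCAL = ["100.64.0.0/16", "10.0.0.0/8"]


def carve_out(bogons, local):
    """Return the bogon prefixes with every locally used prefix removed."""
    remaining = [ipaddress.ip_network(b) for b in bogons]
    for loc in map(ipaddress.ip_network, local):
        next_round = []
        for net in remaining:
            if net.version != loc.version or not net.overlaps(loc):
                next_round.append(net)      # unrelated to this local prefix
            elif net.subnet_of(loc):
                continue                    # the whole bogon is in local use
            else:
                # loc is a more specific of this bogon: keep everything else
                next_round.extend(net.address_exclude(loc))
        remaining = next_round
    result = []
    for version in (4, 6):                  # collapse each family separately
        result += ipaddress.collapse_addresses(
            n for n in remaining if n.version == version)
    return result


def is_filtered(addr, filters):
    """True if addr falls inside any prefix of the final filter list."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in filters)


if __name__ == "__main__":
    for prefix in carve_out(BOGONS, LOCAL):
        print(prefix)
```

With these inputs 100.64.0.0/10 is split into the six prefixes that cover everything except 100.64.0.0/16, and 10.0.0.0/8 drops out of the filter entirely.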

