[106585] in North American Network Operators' Group
Re: Is it time to abandon bogon prefix filters?
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Aug 6 10:55:55 2008
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <4899B502.1090407@cymru.com>
Date: Wed, 6 Aug 2008 10:55:44 -0400
Errors-To: nanog-bounces@nanog.org
On Aug 6, 2008, at 10:28 AM, Rob Thomas wrote:

> This makes sense especially for static filters. Automated feeds,
> such as the bogon route-server or DNS zones, leave folks with
> options.

Honestly, I don't believe the 80/20 rule applies here.

Until all transit networks are willing to strictly filter their
downstreams (and themselves!), if there is any unused space (note I
said "unused", not "unallocated"), the miscreants will use it. They
are not going around saying "oh, damn, there are only a few /8s left,
we better stop!".

Filter your bogons. But do it in an automated fashion, from a trusted
source.

Of course, I recommend Team Cymru, which has a most sterling record.
Nearly perfect (other than the fact they still recommend MD5 on BGP
sessions :).

--
TTFN,
patrick
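
The static-versus-automated distinction discussed in this message, as an added example that is not part of the original post: a short audit that compares a hand-maintained bogon filter against a freshly fetched feed and refuses to act on a feed that looks broken. The prefix lists, function names and the `min_entries` threshold are constructed assumptions, not real feed contents or any provider's format.

```python
import ipaddress

# Constructed sample data (not real feed contents): a hand-maintained static
# filter and a freshly fetched automated bogon feed, one prefix per line.
STATIC_FILTER = """\
10.0.0.0/8
192.168.0.0/16
203.0.113.0/24
198.18.0.0/15
100.0.0.0/8
"""
CURRENT_FEED = """\
# constructed feed
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
198.18.0.0/15
203.0.113.0/24
"""

def parse_prefixes(text):
    """Parse one-prefix-per-line text, skipping blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:  # ip_network raises ValueError on malformed input
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def covered(net, nets):
    """True if net is equal to or inside any same-family prefix in nets."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)

def audit(static_text, feed_text, min_entries=3):
    """Return (stale, missing): static entries the feed no longer lists, and feed entries the static filter lacks."""
    static, feed = parse_prefixes(static_text), parse_prefixes(feed_text)
    # Sanity checks: never install a truncated feed or one that drops everything.
    if len(feed) < min_entries:
        raise ValueError("feed suspiciously short, keeping previous filter")
    if any(n.prefixlen == 0 for n in feed):
        raise ValueError("feed contains a default route, keeping previous filter")
    stale = [n for n in static if not covered(n, feed)]
    missing = [n for n in feed if not covered(n, static)]
    return stale, missing

if __name__ == "__main__":
    stale, missing = audit(STATIC_FILTER, CURRENT_FEED)
    print("stale static entries (would drop legitimate space):", stale)
    print("bogons the static filter misses:", missing)
```
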