[106651] in North American Network Operators' Group
Re: Is it time to abandon bogon prefix filters?
daemon@ATHENA.MIT.EDU (Niels Bakker)
Thu Aug 7 19:03:33 2008
Date: Fri, 8 Aug 2008 01:03:21 +0200
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <489B7E48.4070307@psg.com>
Errors-To: nanog-bounces@nanog.org
* randy@psg.com (Randy Bush) [Fri 08 Aug 2008, 00:59 CEST]:
> rob,
>> If the source of a scan or probe is a bogon, we tag it that way in our
>> data store. I went back to 2008-01 and found the following percentages
>> of bogons in our data:
[..]
>> 2008-08: 0.001258054% (thus far)
>
> this is an extremely far cry from 60%. what am i not understanding?
>
> and can you separate reserved (127, ...) and unallocated?
This is scanning of darknets - usually you're interested in what comes
back, i.e. can you 0wn it? so src has to be valid.
(D)DoS of course are much more likely to come closer to the 60% number.
No need to get the SYN+ACKs or the ICMP echo replies back...
-- Niels.
