[106874] in North American Network Operators' Group


Re: Is it time to abandon bogon prefix filters?

daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Fri Aug 15 09:35:24 2008

From: Marshall Eubanks <tme@multicasttech.com>
To: Randy Bush <randy@psg.com>
In-Reply-To: <48A58414.5090704@psg.com>
Date: Fri, 15 Aug 2008 09:33:45 -0400
Cc: "Robert E. Seastrom" <rs@seastrom.com>, NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org



On Aug 15, 2008, at 9:26 AM, Randy Bush wrote:

>> In other words, our earlier estimate of 60% was way off...  you can
>> get 92.1% effectiveness at bogon filtering by just dropping 1918
>> addresses, a filter that you will never have to change.
>
> my read is that the 60% was an alleged 60% of attacks came from *all*
> bogon space.  this now seems in the low single digit percentage.  of
> that, the majority is from 1918 space.
>

If (trying to reverse engineer this thread) previously 60% of all attacks
came from bogonspace, and now only 2.96% do, that does not mean that
if the bogon filters are removed, that number will stay at < 3 %. It may
just mean that the filtering is effective.

Regards
Marshall



> randy
>


