[106875] in North American Network Operators' Group
Re: Is it time to abandon bogon prefix filters?
daemon@ATHENA.MIT.EDU (Robert E. Seastrom)
Fri Aug 15 09:37:25 2008
To: Randy Bush <randy@psg.com>
From: "Robert E. Seastrom" <rs@seastrom.com>
Date: Fri, 15 Aug 2008 09:34:48 -0400
In-Reply-To: <48A58414.5090704@psg.com> (Randy Bush's message of "Fri,
15 Aug 2008 06:26:44 -0700")
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Randy Bush <randy@psg.com> writes:
>> In other words, our earlier estimate of 60% was way off... you can
>> get 92.1% effectiveness at bogon filtering by just dropping 1918
>> addresses, a filter that you will never have to change.
>
> my read is that the 60% was an alleged 60% of attacks came from *all*
> bogon space. this now seems in the low single digit percentage. of
> that, the majority is from 1918 space.

so is there any case to be made for filtering bogons on
upstream/peering ingress at all anymore?

(this discussion is orthogonal to bcp38/urpf, which i think we all
agree is a good thing and would be great if we could get it further
deployed)

---rob