[106893] in North American Network Operators' Group


Re: Is it time to abandon bogon prefix filters?

daemon@ATHENA.MIT.EDU (Robert E. Seastrom)
Fri Aug 15 11:55:36 2008

To: Randy Bush <randy@psg.com>
From: "Robert E. Seastrom" <rs@seastrom.com>
Date: Fri, 15 Aug 2008 11:54:48 -0400
In-Reply-To: <48A59E36.6070104@psg.com> (Randy Bush's message of "Fri,
	15 Aug 2008 08:18:14 -0700")
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


Randy Bush <randy@psg.com> writes:

>>> Again, I think bogon filters are a bad idea for unmanaged or
>>> semi-managed routers (or inclusion as a "default" in anything,
>>> i.e. Cisco's auto-secure).
>> 
>> You make a very good point about the difference between routers that
>> are being routinely maintained by highly clueful people and routers
>> that are in the field and untouched/unloved for months to years at a
>> time.
>
> in the field != untouched/unloved

That's why I used the conjunction "and".

> i contend that all one's routers should be rigorously configured as
> programmatically as possible.

Not sure what you mean by this, but the painful reality is that most
stuff, once deployed, gets promptly forgotten about, much the same as
you might ignore a wall wart power supply under your desk until it
started smelling funny or stopped delivering electricity.  Thus, I
contend that one's routers should be configured to avoid ticking time
bombs.  As smb so eloquently just asserted, "availability is a
security issue too".

-r



