[107071] in North American Network Operators' Group
Re: Is it time to abandon bogon prefix filters?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Aug 25 09:32:59 2008
To: "Tomas L. Byrnes" <tomb@byrneit.net>
In-Reply-To: Your message of "Sun, 24 Aug 2008 23:21:23 PDT."
<70D072392E56884193E3D2DE09C097A9F4E8@pascal.zaphodb.org>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 25 Aug 2008 09:32:45 -0400
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1219671165_3140P
Content-Type: text/plain; charset=us-ascii
On Sun, 24 Aug 2008 23:21:23 PDT, "Tomas L. Byrnes" said:
> You're missing one of the basic issues with bogon sources: they are
> often advertised bogons, IE the bad guy DOES care about getting the
> packets back, and has, in fact, created a way to do so.
But if you've seen a BGP announcement with a prefix that covers the source,
is it really a bogon anymore?
At that point, you're not worrying about bogon filtering, you're worrying
about sanity-checking what BGP advertisements you accept. Also a worthy
thing to do, but different from bogon filtering.
--==_Exmh_1219671165_3140P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIsrR9cC3lWbTT17ARAqiPAJ4vtuCJYa15+x5BBHzdc7Ib8cMYGwCfVZtd
N+1B4lUdTS3qIsz4kK1ldXc=
=sT66
-----END PGP SIGNATURE-----
--==_Exmh_1219671165_3140P--
