[107075] in North American Network Operators' Group
Re: Is it time to abandon bogon prefix filters?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Aug 25 11:08:11 2008
To: Chris Marlatt <cmarlatt@rxsec.com>
In-Reply-To: Your message of "Mon, 25 Aug 2008 09:38:00 EDT."
<48B2B5B8.9000707@rxsec.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 25 Aug 2008 11:08:03 -0400
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Mon, 25 Aug 2008 09:38:00 EDT, Chris Marlatt said:
> IIRC "bogon" is specific to unallocated space. Whether it be advertised
> or not should not matter.

Right. Tell that to everybody who's ever been at the wrong end of a bogon
filter for 69/8, 70/8, 71/8...

I'll go out on a limb and say that if you see a BGP announcement for a prefix
you think is a bogon, it's *more* likely that the space is no longer
unallocated and you didn't get the memo, than it's still unallocated but being
pirated by somebody. (Which raises a question - what % of sites that are doing
bogon filtering but *not* listening to something like Team Cymru's bogon feed?
If it's nearly ubiquitous, it's not a big problem. But given the number of
places that have problems with bogon filters, only a small percentage seem to
be doing so...)

At the point that you're doing bogon filtering, you have no way to disambiguate
those two cases. Which is why I said it's a BGP announcement filtering issue.
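
The failure described in this message, a static bogon filter that keeps blocking space such as 69/8 after it has been allocated, can be caught by auditing the configured list against a current one. The sketch below is an added example, not part of the original message; both prefix lists are constructed samples, and the one-CIDR-per-line input format is an assumption.

```python
import ipaddress

# Constructed sample: a static filter configured years ago and never refreshed.
STATIC_FILTER = """
10.0.0.0/8
69.0.0.0/8
70.0.0.0/8
71.0.0.0/8
100.0.0.0/8
"""

# Constructed sample standing in for a freshly fetched bogon list
# (assumed format: one CIDR per line, '#' starts a comment).
CURRENT_BOGONS = """
# constructed excerpt, not real feed data
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
240.0.0.0/4
"""

def parse_prefixes(text):
    """Parse one-CIDR-per-line text, skipping blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def audit_static_filter(static_filter, current_bogons):
    """Label each static entry: 'current' (still fully listed), 'partial'
    (only part is still listed) or 'stale' (no longer listed at all)."""
    report = {}
    for net in static_filter:
        # Merge adjacent entries so coverage by several smaller blocks counts.
        merged = list(ipaddress.collapse_addresses(
            b for b in current_bogons if b.version == net.version))
        if any(net.subnet_of(b) for b in merged):
            report[str(net)] = "current"
        elif any(net.overlaps(b) for b in merged):
            report[str(net)] = "partial"
        else:
            report[str(net)] = "stale"
    return report

if __name__ == "__main__":
    result = audit_static_filter(parse_prefixes(STATIC_FILTER),
                                 parse_prefixes(CURRENT_BOGONS))
    for prefix, status in result.items():
        print(f"{status:8} {prefix}")
```

Entries reported as `stale` or `partial` are the ones to review before the filter drops traffic from legitimately allocated space.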