[118739] in North American Network Operators' Group
Re: dealing with bogon spam ?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Oct 28 07:25:50 2009
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <29974.1256728447@turing-police.cc.vt.edu>
Date: Wed, 28 Oct 2009 07:25:08 -0400
To: Valdis.Kletnieks@vt.edu
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 28, 2009, at 7:14 AM, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said:
>> We're seeing a decent chunk of spam coming from an unallocated block of
>> address space.
>
> Fear not, this will end when we run out of IPv4 space not too many months
> down the road :)
>
> I admit to remaining confused as to why we still keep seeing providers who fail
> to do basic due-diligence like BCP38 filtering of packets, or asking a new BGP
> peer what they expect to announce and then filter based on that. I mean, come
> on guys - sure they may be 6 cents a meg cheaper, but do you really want to buy
> connectivity from a provider that can't run their network in a proper fashion?
>
> Don't answer that. ;)

I can answer the above question regarding BCP38:

Vendor software defects and architecture limitations make it
challenging to deploy a solution whereby BCP38 can be universally
deployed.

Customers that are unwilling to announce all their space also make
uRPF problematic. I'd like to see 'loose-rpf' universally deployed
myself. There is no reason for unrouted space to have packets sourced
from it. This makes up a fair percentage of traffic that root/gtld
nameservers see (based on conversations I've had with operators over
the years).

If you configure CPE devices and don't utilize anti-spoofing
capabilities on the CPE-LAN, please add that to your templates. It is
helpful to the internet as a whole; while you may not personally see
return on your investment, others will.

- Jared
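
The strict versus loose uRPF distinction raised in the message above, as an added example that is not part of the original post: a small Python model showing that strict mode drops a customer's legitimate traffic when the customer does not announce all of its space on the link, while loose mode drops only sources with no route at all. The prefixes, interface names, packets and helper functions are constructed for illustration, and the table is assumed to hold no default route.

```python
import ipaddress

# Constructed forwarding table (documentation prefixes): prefix -> interface
# of the best route. Assumption: no default route is present.
FIB = {
    "198.51.100.0/24": "cust1",    # customer block announced on this link
    "203.0.113.0/24": "transit",   # same customer's block, announced elsewhere
    "192.0.2.0/24": "peer",
}

def best_route_iface(fib, src):
    """Longest-prefix match on the source; None means the source is unrouted."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_accepts(fib, src, in_iface, mode):
    """strict: the route back to src must use the arrival interface.
    loose: any route to src is enough; only unrouted sources are dropped."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    iface = best_route_iface(fib, src)
    if iface is None:
        return False
    return True if mode == "loose" else iface == in_iface

def compare(fib, packets):
    """Return {(src, in_iface): (strict_ok, loose_ok)} for each packet."""
    return {(s, i): (urpf_accepts(fib, s, i, "strict"),
                     urpf_accepts(fib, s, i, "loose")) for s, i in packets}

# Constructed packets, all arriving on the customer-facing interface.
PACKETS = [
    ("198.51.100.7", "cust1"),  # announced on this link
    ("203.0.113.9", "cust1"),   # customer space not announced on this link
    ("240.0.0.1", "cust1"),     # no route at all (stands in for bogon space)
]

if __name__ == "__main__":
    for (src, iface), (strict_ok, loose_ok) in compare(FIB, PACKETS).items():
        print(f"{src:>14} on {iface}: strict={strict_ok} loose={loose_ok}")
```

With a default route in the table every source would have a route, so a loose check of this kind would accept the unrouted packet as well.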