[118766] in North American Network Operators' Group


Re: dealing with bogon spam ?

daemon@ATHENA.MIT.EDU (Jeroen Massar)
Wed Oct 28 15:00:23 2009

Date: Wed, 28 Oct 2009 19:59:15 +0100
From: Jeroen Massar <jeroen@unfix.org>
To: Leslie <leslie@craigslist.org>
In-Reply-To: <4AE876DF.8070300@craigslist.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


Leslie wrote:
> John Kristoff wrote:
>> I suppose if there is interest and a need we could do this.  Shoot
>> myself or the team (info@cymru.com)  a note off list if you have
>> thoughts on the matter or simply want to provide some feedback into
>> such a service and how it might best be used.  We're always on the look
>> out for things we can do to help.
>
> My big issue isn't the larger blocks, it's the smaller unallocated
> blocks - which anyone with a not-too-strict transit provider could
> easily steal and abuse.  Getting the allocated space is just another way
> of finding the smaller unallocated blocks (with a bit of extra work)

The problem though with BGP is that when you have say a NonAllocatedFeed
containing 10.0.0.0/8 then when somebody else announces 10.1.2.0/24 (or
any other more specific) it will perfectly work. Unless you are able to
pull off some tricks in hardware based routers (software based ones you
can of course modify to do whatever you want but might not be the right
thing to run in some scenarios).

As such, pulling the delegated files and generating prefix filters
yourself, which you most likely have anyway for things like blackholing
prefixes you otherwise also don't want to talk to....

And don't forget to source-filter those prefixes too :)

Greets,
 Jeroen
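
Added example, not part of the original message: one way to turn a registry delegated file into prefix filters that also reject more specifics, which is the case the message says a covering route in a BGP feed does not handle. The sample records are constructed from documentation address space, the list name UNALLOCATED is hypothetical, and the output assumes IOS-style prefix-list syntax.

```python
import ipaddress

# Constructed sample in the RIR delegated-extended statistics format:
# registry|cc|type|start|value|date|status  (not real registry data)
SAMPLE = """\
2|example|20091028|4|19830101|20091028|+0000
example|*|ipv4|*|3|summary
example|NL|ipv4|192.0.2.0|256|20010101|allocated
example||ipv4|198.51.100.0|256||available
example||ipv4|203.0.113.0|192||reserved
example||ipv6|2001:db8::|32||available
"""

UNASSIGNED = {"available", "reserved"}

def unassigned_prefixes(text):
    """Return CIDR blocks the registry lists as not handed out."""
    nets = []
    for line in text.splitlines():
        f = line.strip().split("|")
        # Skip comments, the version line, summary lines and ASN records.
        if line.startswith("#") or len(f) < 7 or f[2] not in ("ipv4", "ipv6"):
            continue
        if f[6] not in UNASSIGNED:
            continue
        if f[2] == "ipv4":
            # IPv4 value is an address count and need not be a power of two.
            first = ipaddress.IPv4Address(f[3])
            nets += ipaddress.summarize_address_range(first, first + int(f[4]) - 1)
        else:
            # IPv6 value is already a prefix length.
            nets.append(ipaddress.ip_network(f"{f[3]}/{f[4]}"))
    return nets

def covered(route, nets):
    """True if route equals or is more specific than any unassigned block."""
    r = ipaddress.ip_network(route)
    return any(r.version == n.version and r.subnet_of(n) for n in nets)

def prefix_list(nets, name="UNALLOCATED"):
    """Emit IOS-style deny lines; 'le' also matches every more specific."""
    out = []  # a final permit entry must follow these lines on the router
    for n in nets:
        cmd = "ip" if n.version == 4 else "ipv6"
        le = f" le {n.max_prefixlen}" if n.prefixlen < n.max_prefixlen else ""
        out.append(f"{cmd} prefix-list {name} deny {n}{le}")
    return out

if __name__ == "__main__":
    blocks = unassigned_prefixes(SAMPLE)
    print("\n".join(prefix_list(blocks)))
    print(covered("198.51.100.64/26", blocks), covered("192.0.2.0/24", blocks))
```

The same block list can drive the source filtering mentioned at the end of the message, since it is just a set of CIDR ranges.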



