[122357] in North American Network Operators' Group
Re: CYMRU Bogon Peering
daemon@ATHENA.MIT.EDU (Steve Bertrand)
Fri Feb 12 16:11:11 2010
Date: Fri, 12 Feb 2010 16:10:30 -0500
From: Steve Bertrand <steve@ibctech.ca>
To: Thomas Magill <tmagill@providecommerce.com>
In-Reply-To: <FA2E47FFA50291418803D2E7C1DF07F30A286CE1@SDEXCL01.Proflowers.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Thomas Magill wrote:
> In efforts to further protect us against threats I am considering
> establishing Bogon peers to enable me to filter unallocated address
> space. I am just wondering if this is a worthwhile step to take and if
> anyone has ran into any issues or points of concern that I may want to
> take into account. Thanks in advance for any input.
I've used the service for a couple of years, and I find it works
wonderfully. Newly distributed IANA blocks are removed promptly, so no
need to worry about that.
I peer with Cymru on my RTBH trigger boxes, which then redistribute the
list to all edge gear which blackholes it (dest and source) thanks to uRPF.
No manual config or rule manipulation.
Steve
