[58002] in North American Network Operators' Group
Re: Who is announcing bogons?
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Tue Apr 29 05:25:44 2003
Date: Tue, 29 Apr 2003 10:24:32 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0304282105470.23794-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 28 Apr 2003, Sean Donelan wrote:
>
> On Mon, 28 Apr 2003, Rob Thomas wrote:
> > ] Rob, on the other hand, has gained a lot of trust in maintaining
> > ] a highly accurate list.
> > Thanks very much. :) I can't accept all the credit though. My thanks
> > go out to all the members of Team Cymru.
>
> Unfortunately, no good deed goes unpunished. Jon Postel did a great
> job maintaining the list of IP addresses. Paul Vixie did a great job
> with the first Real-Time Blackhole List. But people move on, and things
> change.
>
> But my real question is why are negative bogon lists necessary? If you
> ask providers, they all say they implement positive prefix list filters
> on all their customers. So who is injecting the bogons? And why do they
> still have a network connection?
>
> Should we be spending time teaching people how to do positive prefix
> filters, or trying to explain to them why the negative prefix filter
> the last network administrator installed 2 years ago is out of date.
>
> What is the cross-over point? When does the number of lines in a bogon
> list become larger than the positive prefix filter? If you are going to
> list every sub-allocation which isn't routed, why not just list the
> allocations which should be routed?
Alternatively monitor the BGP table and pull out the bogons then produce a list
of them along with AS path info, possibly sending out to the list to the
upstreams as well as nanog.
Steve
