[61781] in North American Network Operators' Group


Re: What were we saying about edge filtering?

daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Sep 4 15:01:51 2003

Date: Thu, 04 Sep 2003 13:33:43 -0500
From: Jack Bates <jbates@brightok.net>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Matthew Sullivan <matthew@sorbs.net>, nanog@merit.edu,
	owen@delong.com
In-Reply-To: <Pine.GSO.4.53.0309041652210.171@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu


[multiple response]

Christopher L. Morrow wrote:

> I'm going to take a stab at: The next 69.0.0.0/8 release? Certainly there
> was some lesson learned from this, no?

I don't buy it, Chris. Are you saying that a large backbone provider 
can't maintain up-to-date bogon filters? In fact, I'd say they would be 
better at it, and if they were using the filters, then there would be 
less need for their customers to apply the filters and we'd have fewer 
bogon issues in the future.

Owen DeLong wrote:
 > Source address-based filtering in the backbone is expensive and, in
 > many cases, non-feasible.

Most vendor equipment is easily capable of handling bogon filtering 
using any number of methods. This is particularly true when filtering 
packets that are not announced bogons (such as most DDoS spoof attacks), 
even if announced bogon packets are allowed through.

-Jack

