[76211] in North American Network Operators' Group
Re: Bogon filtering (don't ban me)
daemon@ATHENA.MIT.EDU (David Barak)
Fri Dec 3 10:10:41 2004
Date: Fri, 3 Dec 2004 07:08:13 -0800 (PST)
From: David Barak <thegameiam@yahoo.com>
To: "J. Oquendo" <sil@politrix.org>, nanog@nanog.org
In-Reply-To: <Pine.GSO.4.58.0412030042050.18782@kungfunix.net>
Errors-To: owner-nanog-outgoing@merit.edu
--- "J. Oquendo" <sil@politrix.org> wrote:
> I thought about it over and over, and wonder why this hasn't been done.
> Anyone care to beat me with a clue stick or two? I can understand the
> arguments of not wanting a vendor to have control of some aspect of my
> business, or control over my network, but correct me if I am wrong,
> wouldn't this solve a heck of a lot of issues concerning network-based
> attacks, spam, scumware/spyware/fooware/$*something?

Vendor C has something similar, in their "autosecure"
feature. However, the trouble is that the list of
bogon networks is static, and in fact includes 70/8
among many others. This is (I'm certain) contributing
to the reachability issues that those folks with new
netblocks experience.

A better implementation would be for vendors to
include a "bogon-subscribe server x.x.x.x" feature,
which would simply allow a router to talk to a
centralized bogon server.

However, the complexity of setting up the real-time
BGP bogon feeds is not that hard - anyone who would
use the above command could do it - so I'm not sure
that this requires any new tools.

=====
David Barak
-fully RFC 1925 compliant-
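
The stale-list problem described in the message above can be checked for mechanically. The following is an added example, not part of the original message or any vendor's code: it audits a static bogon filter against a current allocation list and carves allocated space out of the filter. The function name and both sample lists are constructed for illustration; only the 70/8 entry comes from the message.

```python
import ipaddress

def audit_bogons(static_bogons, allocated):
    """Compare a frozen bogon list with currently allocated prefixes.

    Returns (stale, pruned):
      stale  - static entries that now overlap allocated space
      pruned - the bogon list with allocated space removed
    """
    alloc = [ipaddress.ip_network(a) for a in allocated]
    stale, pruned = [], []
    for entry in static_bogons:
        original = ipaddress.ip_network(entry)
        remaining = [original]
        for a in alloc:
            nxt = []
            for net in remaining:
                if not net.overlaps(a):
                    nxt.append(net)            # untouched by this allocation
                elif net.subnet_of(a):
                    continue                   # wholly allocated: drop it
                else:
                    # The allocation sits strictly inside the bogon entry:
                    # keep only the parts that are still unallocated.
                    nxt.extend(net.address_exclude(a))
            remaining = nxt
        if remaining != [original]:
            stale.append(entry)
        pruned.extend(remaining)
    return stale, [str(n) for n in sorted(pruned)]

# Constructed sample of a static filter frozen at some past date.
# 70.0.0.0/8 is the entry named in the message; 96.0.0.0/6 is a made-up
# aggregate included to show partial overlap.
STATIC_BOGONS = ["10.0.0.0/8", "70.0.0.0/8", "96.0.0.0/6"]

# Constructed sample of "currently allocated" prefixes (not registry data).
ALLOCATED = ["70.0.0.0/8", "96.0.0.0/8"]

if __name__ == "__main__":
    stale, pruned = audit_bogons(STATIC_BOGONS, ALLOCATED)
    print("stale entries :", stale)
    print("pruned filter :", pruned)
```

Run periodically against a fresh allocation list, a non-empty `stale` result means the filter is dropping traffic from address space that is now legitimately in use.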