[76306] in North American Network Operators' Group
Re: Bogon filtering (don't ban me)
daemon@ATHENA.MIT.EDU (Patrick W Gilmore)
Sun Dec 5 15:12:53 2004
In-Reply-To: <Pine.LNX.4.44.0412052106440.27802-100000@uplift.swm.pp.se>
Cc: Patrick W Gilmore <patrick@ianai.net>
From: Patrick W Gilmore <patrick@ianai.net>
Date: Sun, 5 Dec 2004 15:12:25 -0500
To: NANOG <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Dec 5, 2004, at 3:08 PM, Mikael Abrahamsson wrote:
> On Sun, 5 Dec 2004, Jørgen Hovland wrote:
>
>> Blocking bogons will result in that attackers use existing netblocks
>> instead. This will again result in more insecureness since any attack will
>
> If the people making attack code would stay out of 224.0.0.0/4 space (both
> for dest and src) it would be a big improvement.
And if the people making attack code were forced to use real IP
address, or, put another way, if you could guarantee that the source IP
address on an attack packet was the actual source of the attack, it
would help in tracking attacks.

Before you say "we know where bot-net attacks are originating, but
cannot get them to stop", that is another problem. As Rob said,
problems are solved in steps, not with one wave of the magic wand. And
saying "step one won't solve the problem so we shouldn't even start" is
not, IMHO, a good idea.
--
TTFN,
patrick