[78043] in North American Network Operators' Group
RE: Please Check Filters - BOGON Filtering IP Space
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Thu Feb 17 03:06:13 2005
Date: Thu, 17 Feb 2005 09:59:24 +0200
To: Sean Donelan <sean@donelan.com>,
Kunjal Trivedi <kutrived@cisco.com>
From: Hank Nussbacher <hank@mail.iucc.ac.il>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0502161723410.3237@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 05:27 PM 16-02-05 -0500, Sean Donelan wrote:
>On Wed, 16 Feb 2005, Kunjal Trivedi wrote:
> > Due to the feedback we've received on the Autosecure bogon list issue, we've
> > decided to do the following:
> >
> > 1) Provide a fix that removes bogon ACL creation and deployment from the
> > Autosecure feature. This change will be available in mainline and
> > maintenance software releases. For the software release details, please
> > refer to 2.
> >
> > 2) A Cisco Field Notice will be published to inform customers of the change
> > and will contain instructions on how to remove the bogon ACLs created by
> > executing the autosecure command.
> >
> > We'll update the list with the Field Notice URL as soon as it's available.
> > Tentative date for FN posting is 18th February 2005.
>
>The pendulum swings too far in the other direction.
Sure would have been nice if Cisco had asked/polled a number of key
customers to get an idea of what we wanted, rather than to know what they
thought we wanted.
>Martian addresses are relatively static, and might be good candidates for
>one-click security. If you see a 127.0.0.0/8 packet floating around, it's
>probably up to no good.
As are RFC1918 addresses.
Oh well.
-Hank