[91272] in North American Network Operators' Group
Re: Best practices inquiry: filtering 128/1
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Jul 11 17:22:52 2006
In-Reply-To: <87u05o7k0x.fsf@mid.deneb.enyo.de>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>, nanog@merit.edu
From: Joe Abley <jabley@ca.afilias.info>
Date: Tue, 11 Jul 2006 17:22:16 -0400
To: Florian Weimer <fw@deneb.enyo.de>
Errors-To: owner-nanog@merit.edu
On 11-Jul-2006, at 02:06, Florian Weimer wrote:
> * Patrick W. Gilmore:
>
>> Actually, I take that back. Why wouldn't you just get a feed from
>> Cymru <http://www.cymru.com/Bogons/index.html> ??
>
> I don't think Team Cymru offers a "feed" of what is supposed to be in
> the routing table.
No, but they offer a feed of what is not supposed to be there.
http://www.cymru.com/BGP/bogon-rs.html
> The correct approach would be to verify prefixes using somewhat
> indepedent. more static data, such as RPSL data from RIRs.
That might be more correct in theory, but in practice it depends on
RPSL data stored by RIRs being accurate. Although this is a
reasonable dependency in some corners of the network, it's entirely
impractical (on its own) if you're seeking to filter a full table.
As one of many contributing hints to whether a particular filter is
worth accepting, it might be useful though (along the lines that
SpamAssassin doesn't necessarily reply on any one reason to brand a
message as spam, but builds a score based on all kinds of tests).
There was a relevant presentation in LA:
http://www.nanog.org/mtg-0510/deleskie.html
Joe
