[95132] in North American Network Operators' Group
Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
daemon@ATHENA.MIT.EDU (Chris L. Morrow)
Thu Mar 1 09:24:29 2007
Date: Thu, 01 Mar 2007 14:22:37 +0000 (GMT)
From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <Pine.LNX.4.61.0703010829370.2752@soloth.lewis.org>
To: Jon Lewis <jlewis@lewis.org>
Cc: Eric Ortega <eric.ortega@midco.net>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Thu, 1 Mar 2007, Jon Lewis wrote:
> On Wed, 28 Feb 2007, Eric Ortega wrote:
>
> > I'd like to thank the group for the responses and help with this issue. I
> > find it ironic that Randy's study actually uses 96 space.
>
> The amazing/sad thing is that people have been facing and fixing the same
> problem for more than 4 years. How many times does a network have to fix
> their static bogon filters before coming to the realization that those
> filters are a bad idea?
So, where are static bogon filters appropriate? (loaded question perhaps)
I ask because just about every 'security expert' and 'security whitepaper'
or 'security suggestions' has some portion that speaks to "why it's a
grand idea to have acl-lines/firewall-policy tp block 'bogon' ip space"
(for some definition of 'bogon' of course).
-Chris
