[95151] in North American Network Operators' Group
Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Mar 1 21:53:27 2007
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>,
Jon Lewis <jlewis@lewis.org>, Eric Ortega <eric.ortega@midco.net>,
nanog@merit.edu
In-Reply-To: Your message of "Thu, 01 Mar 2007 21:08:59 EST."
<20070302020859.760D57660F9@berkshire.machshav.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 01 Mar 2007 21:52:16 -0500
Errors-To: owner-nanog@merit.edu
On Thu, 01 Mar 2007 21:08:59 EST, "Steven M. Bellovin" said:
> On Thu, 01 Mar 2007 14:22:37 +0000 (GMT)
> "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> wrote:
> > So, where are static bogon filters appropriate? (loaded question
> > perhaps) I ask because just about every 'security expert' and
> > 'security whitepaper' or 'security suggestions' has some portion that
> > speaks to "why it's a grand idea to have acl-lines/firewall-policy to
> > block 'bogon' ip space" (for some definition of 'bogon' of course).
> Well, not all of us advocate that; see
> http://www.merit.edu/mail.archives/nanog/2006-01/msg00150.html
Well Steve, it's like this: There are (a) security experts, (b) "security
experts", and (c) guys that spend their day making things usable in spite of
what the rest of the net throws in their AS's direction. You're an example of
one, I'm an example of another, and the advocates of static bogon filters are
an example of the third. Figuring out which is which is left as an exercise
for the reader...