[95153] in North American Network Operators' Group
RE: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Fri Mar 2 03:56:51 2007
Date: Fri, 2 Mar 2007 08:55:42 -0000
From: <michael.dillon@bt.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> Well Steve, it's like this: There are (a) security experts,=20
> (b) "security
> experts", and (c) guys that spend their day making things=20
> usable in spite of
> what the rest of the net throws in their AS's direction. =20
> You're an example of
> one, I'm an example of another, and the advocates of static=20
> bogon filters are
> an example of the third. Figuring out which is which is left=20
> as an exercise
> for the reader...
This makes it sound like we are talking about some=20
kind of network security issue. We aren't!
The fundamental issue is OPERATIONS and has to do with
policy and management of that policy. Bogon filters are
an example of a policy implementation. It should be no
surprise to anyone in operations that when technical people
implement a policy which does not actually exist within
the company, there is nobody to manage that policy
implementation and it eventually becomes orphaned.
One might argue that if a company is not capable of
setting a policy and managing that policy, then you
should not implement the policy at all.
--Michael Dillon
=20
