[95180] in North American Network Operators' Group


Re: Where are static bogon filters appropriate? was: 96.2.0.0/16

daemon@ATHENA.MIT.EDU (Peter Dambier)
Sat Mar 3 22:26:10 2007

Date: Sun, 04 Mar 2007 04:25:13 +0100
From: Peter Dambier <peter@peter-dambier.de>
Reply-To: peter@peter-dambier.de
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.64.0703032146500.7046@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu


http://www.completewhois.com/hijacked/files/203.27.251.0.txt

http://www.completewhois.com/hijacked/index.htm


This can prove the opposite.

Malware comes from redirected allocated blocks, not from bogons.


Kind regards
Peter and Karin


Sean Donelan wrote:
> 
> On Fri, 2 Mar 2007, Daniel Senie wrote:
> 
>> How do you know, if you're the one being attacked and you have no idea 
>> if the originating network or their immediate upstream implemented 
>> BCP38? Shall we just discard ingress filtering? If few attacks are 
>> using it today, should we declare it no longer relevant? At the same 
>> time we should ask if we should be x-raying shoes at the airport, 
>> since there's only been one guy who tried to blow up his shoes. The 
>> larger security question is, "do you stop looking for old threats 
>> simply because they're not the most common threats?" How many CodeRed 
>> packets flow over the Internet on a typical day? I assure you it's not 
>> zero.
> 
> 
> Show me the data.
> 
> How many CodeRed packets originate from unallocated addresses?
> 
> Is the proposal actually effective at detecting or protecting against 
> the threat?  Or is it just a wasted effort for show?
> 
> http://www.tsa.gov/press/happenings/kip_hawley_x-ray_remarks.shtm
> 
> Instead of dropping packets with unallocated source addresses, perhaps 
> backbones should shut down interfaces they receive packets from 
> unallocated address space.   Would this be more effective at both 
> stopping the sources of unallocated addresses; as well as sources that 
> spoof other addresses because the best way to prevent your interface 
> from being shut down by backbone operators is to be certain you only 
> transmit packets with your source addresses.


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/

