North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: What were we saying about edge filtering?
[multiple response] Christopher L. Morrow wrote:
I don't buy it, Chris. Are you saying that a large backbone provider can't maintain up-to-date bogon filters? In fact, I'd say they would be better at it, and if they were using the filters, then there would be less need for their customers to apply the filters and we'd have less bogon issues in the future.I'm going to take a stab at: The next 126.96.36.199/8 release? Certainly there was some lesson learned from this, no?
Owen DeLong wrote:
> Source address-based filtering in the backbone is expensive and, in
> many cases, non-feasible.
Most vendor equipment is easily capable of handling bogon filtering using any number of methods. This is particular true when filtering packets that are not announced bogons (such as most dDOS spoof attacks), even if announced bogon packets are allowed through.