North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is it time to abandon bogon prefix filters?

  • From: Patrick W. Gilmore
  • Date: Thu Aug 07 14:52:52 2008
On Aug 7, 2008, at 2:04 PM, Pete Templin wrote:
Patrick W. Gilmore wrote:

Filter your bogons. But do it in an automated fashion, from a trusted source.
Of course, I recommend Team Cymru, which has a most sterling record. Nearly perfect (other than the fact they still recommend MD5 on BGP sessions :).

How can you recommend Team Cymru, when their product is not in any way a filter? It is merely an automated method of injecting aggregate null routes for bogons, but in no way prevents a network from accepting aggregate or specific bogon announcements (i.e. it does not _filter_).

HUH?

Team Cymru offers many ways to set up filters, null routes, etc. See <http://www.team-cymru.org/Services/Bogons/ >.

Oh, and to answer Randy's question about how much actually comes from bogons, on that same page:

<quote>
How much does it help to filter the bogons? In one study conducted by Rob Thomas of a frequently attacked site, fully 60% of the naughty packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.). A presentation based on that study, entitled "60 Days of Basic Naughtiness," can be viewed here. Your mileage may vary, and you may opt to filter more conservatively or more liberally. As always, you must KNOW YOUR NETWORK to understand the effects of such filtering.
</quote>

I guess that means filtering bogons is useful.

--
TTFN,
patrick