North American Network Operators Group
Re: Is it time to abandon bogon prefix filters?
On Aug 7, 2008, at 5:35 PM, Robert E. Seastrom wrote:
Randy Bush <randy@xxxxxxx> writes:
I guess I parsed that differently than you did. When he said "fully 60% of the naughty packets were obvious bogons", I read that as meaning 60% of all bad packets (bogon-sourced or otherwise) were from bogon space.
If my interpretation is correct, you cannot tell anything about which % was from permanently bad space vs. unallocated space.
Rob T., could you clarify for us please?
Also, filtering bogons has the same utility / dangers of MD5. Many people think MD5 is a "good thing", even though the amount of downtime caused by it is (at least) several orders of magnitude larger than the amount of downtime caused by successful RST attacks. I think the danger outweighs the benefit. If you are arguing the same thing here, that's fine with me. But let's find out what the danger is and make the decision. Oh, and then everyone should take their own advice and de-configure MD5. :-)
-- TTFN, patrick