North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Is it time to abandon bogon prefix filters?
Randy Bush <randy@xxxxxxx> writes: >> In other words, our earlier estimate of 60% was way off... you can >> get 92.1% effectiveness at bogon filtering by just dropping 1918 >> addresses, a filter that you will never have to change. > > my read is that the 60% was an alleged 60% of attacks came from *all* > bogon space. this now seems in the low single digit percentge. of > that, the majority is from 1918 space. so is there any case to be made for filtering bogons on upstream/peering ingress at all anymore? (this discussion is orthogonal to bcp38/urpf, which i think we all agree is a good thing and would be great if we could get it further deployed) ---rob