[AusNOG] New /21 on Bogan / Delinquent Lists
Geoff Huston
gih at apnic.net
Wed Sep 16 20:33:41 EST 2009
On 16/09/2009, at 2:07 PM, Paul Baker wrote:
> It's one measure that we're looking at but by no means a magical
> solution
> as the vast majority of attacks (at least that we've seen) come from
> legitimate source addresses.
Exactly! A lot (all?) of this bogon filter work falls into the
category of what Bruce Schneier called "security pantomime", where
there was the superficial veneer of some security system, but in fact
was without real substance.
For example, one of the more inventive spammers was observed
advertising 61/8 and then using a "vacant" /32 to send the spam. The
traditional bogon filter activity is powerless against that form of
routing subversion.
The point is that the "bad folk" we are dealing with are as informed
and capable as the rest of us, if not more so. And that makes the
various bogon filters and other bits of detritus that clutter up
routers in an effort to filter out routes to the dwindling remnants of
IANA's IPv4 unallocated space fall more into the category of
pantomime than a useful security response these days.
Geoff - with a personal opinion of course :-)
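To make the 61/8 example concrete, here is an added illustration (not part of Geoff's post, nor of any AusNOG tooling) of what a bogon filter actually decides, and what a more substantive check looks like. It compares a BGP announcement first against a bogon list and then against the registry's delegation records. Every prefix list in it is constructed for the example: the bogon entries are a handful of reserved blocks, not a real bogon feed, and the "delegations" inside 61/8 are hypothetical, not APNIC's real records.

```python
"""Added example: why a bogon filter is a weak control against route hijacks.

A bogon filter only rejects routes inside unallocated or reserved space. An
announcement of *allocated* space (61/8, or a "vacant" /32 inside it) never
touches a bogon entry, so the filter passes it. Checking the announcement
against what the registry has actually delegated is the check with substance.
All prefix lists here are constructed for illustration.
"""
import ipaddress

# Constructed bogon list: a few reserved / unallocated blocks (not a real feed).
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "240.0.0.0/4")]

# Constructed registry view: hypothetical delegations inside 61/8.
# (Illustrative only; the real APNIC delegation records are not reproduced.)
DELEGATED = [ipaddress.ip_network(p) for p in
             ("61.0.0.0/16", "61.8.0.0/13", "61.120.0.0/14")]


def bogon_filter(prefix: str) -> bool:
    """True if the announced prefix lies inside a bogon block (drop it)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(b) for b in BOGONS)


def covered_by_delegation(prefix: str) -> bool:
    """True if some registry delegation covers the whole announced prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(d) for d in DELEGATED)


def evaluate(prefix: str) -> str:
    """Classify an announcement.

    'bogon'       - dropped by the bogon filter
    'undelegated' - passes the bogon filter, but no delegation covers it
                    (an aggregate /8 nobody was delegated, or a "vacant" /32)
    'accept'      - inside a delegated block
    """
    if bogon_filter(prefix):
        return "bogon"
    if not covered_by_delegation(prefix):
        return "undelegated"
    return "accept"


if __name__ == "__main__":
    # The spammer's two announcements from the post, plus one legitimate one.
    for p in ("10.1.2.3/32", "61.0.0.0/8", "61.200.5.7/32", "61.9.0.0/16"):
        print(f"{p:16} bogon_filter={bogon_filter(p)!s:5} -> {evaluate(p)}")
```

Running it shows the point of the post: `61.0.0.0/8` and the vacant `61.200.5.7/32` both sail through `bogon_filter` (the whole /8 is allocated space), and only the delegation check flags them. Note the remaining gap: a more-specific announced from *inside* a delegated block still returns `accept` here, because this check knows nothing about who is entitled to originate it; that needs origin validation, which is outside what this example covers.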