[AusNOG] Bogon Filtering
Geoff Huston
gih at apnic.net
Mon Feb 13 20:30:46 EST 2012
On 13/02/2012, at 4:31 PM, Mark Newton wrote:
> On Mon, Feb 13, 2012 at 04:22:45PM +1100, Chris Killian wrote:
>
>> Fairly open ended question but does filter these anymore. *Some companies
>> seem to think that as the IPV4 space has been fully allocated this is no
>> longer a requirement. However looking at the bogon lists there are still a
>> huge number of unallocted IPV4 address.
>> What do you guys think.
>
> As someone who has had to spend weeks of his life on several
> occasions trying to convince networks utilizing bogon filtering to
> update themselves because APNIC had started allocating out of a
> new IANA /8 block, I can tell you that anyone who is still bogon
> filtering is causing more harm than good, both to themselves and to
> whatever passes for global internet connectivity these days.
>
> What problem does bogon filtering solve? Nothing that can't also
> be solved with less effort by using firewalls, Ironports, and
> other layer-5+ techniques.
These bogon filters, when they get out of date, are really difficult to
detect. We've been trying an approach (http://labs.apnic.net/blabs/?p=68)
but it's by no means ideal.
Geoff Huston
APNIC
More information about the AusNOG
mailing list