On Aug 7, 2008, at 2:04 PM, Pete Templin wrote:
> Patrick W. Gilmore wrote:
>> Filter your bogons. But do it in an automated fashion, from a
>> trusted source.
>>
>> Of course, I recommend Team Cymru, which has a most sterling
>> record. Nearly perfect (other than the fact they still recommend
>> MD5 on BGP sessions :).
>
> How can you recommend Team Cymru, when their product is not in any
> way a filter? It is merely an automated method of injecting
> aggregate null routes for bogons, but in no way prevents a network
> from accepting aggregate or specific bogon announcements (i.e. it
> does not _filter_).

HUH?
Team Cymru offers many ways to set up filters, null routes, etc. See
<http://www.team-cymru.org/Services/Bogons/>.
Oh, and to answer Randy's question about how much actually comes from
bogons, on that same page:
<quote>
How much does it help to filter the bogons? In one study conducted by
Rob Thomas of a frequently attacked site, fully 60% of the naughty
packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.). A
presentation based on that study, entitled "60 Days of Basic
Naughtiness," can be viewed here. Your mileage may vary, and you may
opt to filter more conservatively or more liberally. As always, you
must KNOW YOUR NETWORK to understand the effects of such filtering.
</quote>
I guess that means filtering bogons is useful.
--
TTFN,
patrick
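
The distinction raised in the quoted text above, between null-routing bogon aggregates and filtering bogon announcements, as an added example (not part of the original message and not Team Cymru's configuration): a toy longest-prefix-match table compared with and without an inbound prefix filter. The bogon list, peer names and announcements are constructed sample values.

```python
import ipaddress

# Constructed sample bogon aggregates (illustrative only, not a live bogon feed).
BOGONS = [ipaddress.ip_network(p)
          for p in ("0.0.0.0/8", "127.0.0.0/8", "192.0.2.0/24")]

def is_bogon_prefix(prefix):
    """True if an announced prefix equals or is more specific than a bogon aggregate."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(b) for b in BOGONS)

def build_rib(announcements, inbound_filter):
    """Routing table = null routes for the bogon aggregates + accepted announcements.

    With inbound_filter=False only the null routes are present (the setup the
    quoted text calls "not a filter"); with True, announcements covered by a
    bogon aggregate are rejected before they reach the table.
    """
    rib = {b: "Null0" for b in BOGONS}
    for prefix, next_hop in announcements:
        if inbound_filter and is_bogon_prefix(prefix):
            continue  # rejected by the prefix filter
        rib[ipaddress.ip_network(prefix)] = next_hop
    return rib

def lookup(rib, addr):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in rib if ip in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

# Constructed announcements: 198.51.100.0/24 stands in for an ordinary routable
# prefix; 127.1.0.0/16 is a more-specific announcement inside a bogon aggregate.
ANNOUNCEMENTS = [("198.51.100.0/24", "peer-A"), ("127.1.0.0/16", "peer-B")]

NULL_ROUTES_ONLY = build_rib(ANNOUNCEMENTS, inbound_filter=False)
WITH_FILTER = build_rib(ANNOUNCEMENTS, inbound_filter=True)

if __name__ == "__main__":
    for name, rib in (("null routes only", NULL_ROUTES_ONLY),
                      ("with prefix filter", WITH_FILTER)):
        for addr in ("127.1.2.3", "127.2.0.1", "198.51.100.7"):
            print(f"{name:20} {addr:14} -> {lookup(rib, addr)}")
```

With null routes alone, the more-specific announcement overrides the aggregate null route for the addresses it covers; with the filter applied it never enters the table, and the rest of the aggregate is null-routed in both cases.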