RE: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]

[<andrew2 () one net>]

Robert E. Seastrom wrote:
> steve () telecomplete co uk writes:
>
> > On Thu, Nov 09, 2006 at 09:26:13AM -0500, Robert Boyle wrote:
> > > At 09:23 AM 11/9/2006, you wrote:
> > > > On Thu, Nov 09, 2006, Robert Boyle wrote:
> > > >
> > > > > You should also create a bogons list for your BGP routes which you
> > > > > accept from your upstream. Block all RFC1918 space and unassigned
> > > > > public addresses too. Just keep on top of it when new allocations
> > > > > are put into use. We see all kinds of crazy things which people
> > > > > try to announce (and successfully too - up to our borders anyway.)
> > > >
> > > > Is there a somewhat-reliable bogon BGP feed that can be subscribed
> > > > to these days?
> > >
> > > We just maintain our own. I remember hearing about one a while ago,
> > > but we don't use it so I don't know any details.
> >
> > I'd strongly advise against folks doing it statically.. there seems
> > to be ongoing issues with stale filters each time new address space
> > is released. Even with the best of intentions folks change role or
> > employer and things can get left unmanaged.
> >
> > The craziest stuff that gets announced isnt in the
> > reserved/unallocated realm anyway so the effort seems to be
> > disproportional to the benefits... and most issues I read about with
> > reserved space is packets coming FROM them not TO them....
>
> Steve's 100% spot-on here.  I don't have bogon filters at all and it
> hasn't hurt me in the least.  I think the notion that this is somehow
> a good practice needs to be quashed.  

Some people don't use condoms with hookers either.  Just because they
haven't caught anything yet doesn't make it a smart practice.

Andrew