nanog mailing list archives
RE: Is it time to abandon bogon prefix filters?
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sat, 16 Aug 2008 10:58:02 -0700
In the case of routers and firewalls, managing your block lists dynamically is akin to checking the oil. Which is something too few car owners do as well. It's also relatively easy to do: <shameless plug> For firewalls, I came up with ThreatSTOP to make this simple for everyone. </shameless plug> Team Cymru has been doing this for routers forever.
-----Original Message----- From: Sean Donelan [mailto:sean () donelan com] Sent: Friday, August 15, 2008 10:07 AM To: Steven M. Bellovin Cc: NANOG list Subject: Re: Is it time to abandon bogon prefix filters? On Fri, 15 Aug 2008, Steven M. Bellovin wrote:and i am saying that you should use a router configuration*system*that avoids ticking time bombs. no router should be neglected and unloved.That, I think, is why he distinguished between routers runby "highlyclueful people" and routers run by others. I think we all agree on your basic point; it's just that too many people aren'tclueful enoughto realize that they even have a problem, let alone knowhow to solveit. (Of course, you and I both have a background in programming languages and compilers, which is why we naturally think of router configurations as a form of assembler language that only a compiler should every emit.)To avoid people feeling individually insulted, I sometimes try to distinguish between the purposes of equipment rather than the capabilities of the person maintaining it. A NASCAR racing team may perform extensive monitoring and maintenance on their racing cars; but that doesn't mean I should need a team of 5 mechanics to keep my regular street car operating safely with a few idiot lights on the dashboard.
Current thread:
- Re: Is it time to abandon bogon prefix filters?, (continued)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Laurence F. Sheldon, Jr. (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Steven M. Bellovin (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
- RE: Is it time to abandon bogon prefix filters? Tomas L. Byrnes (Aug 16)
- Re: Is it time to abandon bogon prefix filters? Joe Malcolm (Aug 15)
- RE: Is it time to abandon bogon prefix filters? Ray Burkholder (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 16)
- RE: Is it time to abandon bogon prefix filters? michael.dillon (Aug 18)
- Re: Is it time to abandon bogon prefix filters? Jeff Aitken (Aug 18)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Steven M. Bellovin (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
- Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)