
In a message written on Fri, May 08, 2009 at 12:27:29PM -0500, Rob Thomas wrote:
> This is the primary reason we removed the static bogon lists from our Secure [BIND|IOS|BGP] Templates. My thanks to Randy Bush (and a few other folks) for the suggestion.

I want to thank Team Cymru for their effort in maintaining this list over time; it's done a lot of people a lot of good.

I would also like to recommend that it's time to completely update the text on http://www.cymru.com/Documents/bogon-list.html to reflect the new reality.

Looking at http://www.cymru.com/Documents/bogon-bn-nonagg.txt (bogons, bit notation, not aggregated) I see there are only 39 entries in the list. Ten of these entries are martians, and should remain:

    0.0.0.0/8      10.0.0.0/8     127.0.0.0/8    169.254.0.0/16  172.16.0.0/12
    192.0.2.0/24   192.168.0.0/16 198.18.0.0/15  223.0.0.0/8     224.0.0.0/3

The other 29 are the unallocated /8's:

    1.0.0.0/8    2.0.0.0/8    5.0.0.0/8    14.0.0.0/8   23.0.0.0/8   27.0.0.0/8
    31.0.0.0/8   36.0.0.0/8   37.0.0.0/8   39.0.0.0/8   42.0.0.0/8   46.0.0.0/8
    49.0.0.0/8   50.0.0.0/8   100.0.0.0/8  101.0.0.0/8  102.0.0.0/8  103.0.0.0/8
    104.0.0.0/8  105.0.0.0/8  106.0.0.0/8  107.0.0.0/8  175.0.0.0/8  176.0.0.0/8
    177.0.0.0/8  179.0.0.0/8  181.0.0.0/8  182.0.0.0/8  185.0.0.0/8

29/256 = 11% of the available address space.

My argument is, if someone is scanning you from random source addresses, blocking 10% of the scan traffic is reaching a point of very little return for the effort of updating the address lists, and as we all know it is getting smaller and smaller.

To that end, I believe the recommendation should be to move to a martian-only filter over the next 12-24 months. This lines up with the time frame at which all /8's are likely to be allocated.

Of course the full list of unallocated /8's should still be produced for those who want it. I'm not advocating that anything go away, just that I feel like we are at the point where the value of the list is lower than the effort to maintain it for the /average/ user of the list. I think this is in line with the removal of the static bogon filters from the secure templates and would provide better advice to people reading the document for the first time.

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
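
Added example, not part of the original message: a Python sketch that loads the two prefix lists quoted above and compares a martian-only filter with the full bogon list. The function names and the one-source-per-/8 sample are constructed for illustration; the unallocated list is the May 2009 snapshot from the message.

```python
import ipaddress

# Prefix lists copied from the message above (snapshot from May 2009).
MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 "
    "192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 223.0.0.0/8 224.0.0.0/3"
).split()]
UNALLOCATED = [ipaddress.ip_network(f"{o}.0.0.0/8") for o in (
    1, 2, 5, 14, 23, 27, 31, 36, 37, 39, 42, 46, 49, 50, 100, 101, 102, 103,
    104, 105, 106, 107, 175, 176, 177, 179, 181, 182, 185)]

# Constructed sample: one source address in every /8, standing in for a
# scan that uses uniformly random source addresses.
SAMPLE = [f"{o}.1.2.3" for o in range(256)]


def coverage(networks):
    """Fraction of the IPv4 space covered, after merging overlaps."""
    merged = ipaddress.collapse_addresses(networks)
    return sum(n.num_addresses for n in merged) / 2**32


def classify(source):
    """Return 'martian', 'unallocated' or 'pass' for a source address."""
    addr = ipaddress.ip_address(source)
    if any(addr in n for n in MARTIANS):
        return "martian"
    if any(addr in n for n in UNALLOCATED):
        return "unallocated"
    return "pass"


def extra_drop_rate(sources):
    """Share of sources that only the full bogon list would drop,
    i.e. what is lost by moving to a martian-only filter."""
    verdicts = [classify(s) for s in sources]
    return verdicts.count("unallocated") / len(verdicts)


if __name__ == "__main__":
    print(f"martians cover     {coverage(MARTIANS):.1%} of IPv4")
    print(f"unallocated covers {coverage(UNALLOCATED):.1%} of IPv4")
    print(f"extra drops from the full list: {extra_drop_rate(SAMPLE):.1%}")
```
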