"Patrick W. Gilmore" <patrick@ianai.net> writes:
How much does it help to filter the bogons? In one study conducted by Rob Thomas of a frequently attacked site, fully 60% of the naughty packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)
Stated another way, you can get 60% success on bogon filtering by ignoring the free pool (which is getting smaller over time which indicates the value in filtering it is asymptotic to zero) and only filtering obvious crud, whose definition is not going to change over time.

In other words, Leo is right, and I'd submit that we're past the point where putting in non-auto-updated filters for the free pool has a value that exceeds the operational cost of dealing with their lossage... by a couple of years.

-r
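
Added example, not part of the original message: a small Python comparison of a static special-use filter against the same filter plus a hand-maintained free-pool entry that was never updated. The names `STATIC_MARTIANS`, `STALE_FREE_POOL` and `TRAFFIC`, the 37.0.0.0/8 entry and all sample addresses are constructed for illustration and are not real allocation data.

```python
import ipaddress

# Special-use IPv4 ranges defined by RFC: the "obvious crud" whose
# definition does not change as address space is handed out.
STATIC_MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]

# Constructed stand-in for a free-pool block that was unallocated when the
# filter was typed in and has since been assigned to real networks.
STALE_FREE_POOL = [ipaddress.ip_network("37.0.0.0/8")]

# Constructed traffic sample: (source address, is_legitimate).
TRAFFIC = [
    ("127.1.2.3", False),   # spoofed loopback source
    ("0.5.4.3", False),     # spoofed "this network" source
    ("10.9.8.7", False),    # spoofed private source
    ("37.1.1.1", False),    # spoofed source inside the old free pool
    ("45.10.20.30", False), # attack from routable space, no filter helps
    ("37.44.5.6", True),    # real user in the since-allocated block
    ("45.10.20.31", True),  # real user in long-allocated space
]


def matches(addr, prefixes):
    """True if addr falls inside any prefix of the filter."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def evaluate(packets, acl):
    """Return (bad packets dropped, legitimate packets dropped) for an ACL."""
    bad = sum(1 for src, ok in packets if not ok and matches(src, acl))
    lost = sum(1 for src, ok in packets if ok and matches(src, acl))
    return bad, lost


if __name__ == "__main__":
    print("static only      :", evaluate(TRAFFIC, STATIC_MARTIANS))
    print("static + stale   :",
          evaluate(TRAFFIC, STATIC_MARTIANS + STALE_FREE_POOL))
```

In this sample the stale entry catches one more spoofed packet and blackholes one legitimate user, and that loss continues until someone edits the filter by hand.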