James Hess <mysidia@gmail.com> writes:
29/256 = 11% of the available address space. My argument is, if someone is scanning you from random source addresses, blocking 10% of the scan traffic is reaching a point of very little return for the effort of updating the address lists, and as we all know it is getting smaller and smaller.
Granted, if the filters aren't updated very frequently, they're pretty bad.
That's the usual state of affairs, unfortunately.
But... I would suggest, basically, filtering bogons is still great and pretty important; it serves as an ongoing deterrent against random unruly networks trying to pick up the unassigned addresses, or treating the space as "Up for grabs" just because some space happens to be unannounced (and unassigned).
Gotta agree with Leo here. We can't even get people to implement BCP-38, which is nine years old for crying out loud. The deployment level at which bogon filtering is a deterrent to squatting is quite a bit higher than the point at which it becomes an issue to legitimate users. I've considered static bogon filters to be a Worst Current Practice for years. If you feel you absolutely must engage in the practice, use a dynamic feed like Cymru's, but honestly, just let it go.

-r