Jon Lewis wrote:
On Thu, 1 Mar 2007, Chris L. Morrow wrote:
So, where are static bogon filters appropriate? (loaded question perhaps) I ask because just about every 'security expert' and 'security whitepaper' or 'security suggestions' has some portion that speaks to "why it's a grand idea to have acl-lines/firewall-policy tp block 'bogon' ip space" (for some definition of 'bogon' of course).
I suppose they're appropriate when done by network security consultants, as it guarantees future / repeat business. :)
I'll second this opinion, As most of DDoS attacks are from zombies, which are in registered networks. Especially I did never see any traffic from so called bogons. Perhaps, bogon acls are helpful when they are configured on backbone, but not everywhere. just my 1E-10 cents :-) -- With best regards, Gregory Edigarov