On Tue, Jun 04, 2002 at 10:30:33AM -0500, Rob Thomas wrote:
For a while folks have asked me to add an aggregated ACL, prefix-list, or black hole routes to the various templates on my site. I've avoided this for a variety of reasons, and decided to create the best of all worlds - the bogon list. :)
This list includes the bogons, in both aggregated and non-aggregated form. The list includes bit notation, dotted decimal, and Cisco ACL styles. This is handy for blocking the bogons, egress and ingress, at your borders. Take a peek at it here:
http://www.cymru.com/Documents/bogon-list.html
Comments and feedback are VERY welcome! Be the first in your ASN to join the CREDITS section. :)
The problem with bogon lists is that they change on a fairly regular basis, for example each time a registry is given a new /8 to allocate from. This makes the role of maintaining an "official" list of bogons somewhat important, and the job of updating them somewhat annoying. :)

But, most of your list looks like RFC1918, link-local, and the /8's that haven't been allocated. This is pretty simple to obtain, but not very comprehensive. Off hand just in the reserved section, I see missing:

128.0.0.0/16
191.255.0.0/16
192.0.0.0/17

And probably lots more if you go mine the database (and assuming you're willing to make a commitment for life to continue watching the database for when they stop being reserved :P).

Then we come to the extra bogons like exchange point allocations. Can't forget them. :)

I'd suggest you try to work on a database of the bogons with various flags so people can make their own policy decisions. For example, I would agree with filtering all of these from my routing table, but not with filtering RFC1918 space or exchange point routes (at least not on the border device connecting to it :P) from source addresses.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
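A sketch of the flagged bogon database suggested in the reply above, as an added example that is not part of the original thread or of the cymru.com list. The flag names, the ACL number 101, the `1.0.0.0/8` entry and the exchange-point placeholder prefix are assumptions made for illustration; it derives a route filter and a separate source-address filter from one data set and aggregates each.

```python
import ipaddress

# Constructed sample database: prefix -> flags. The 128.0.0.0/16,
# 191.255.0.0/16 and 192.0.0.0/17 entries are the ones named in the reply;
# the rest are illustrative. Registry status changes over time, so real
# data must come from a maintained source.
BOGON_DB = {
    "0.0.0.0/8":       {"reserved"},
    "1.0.0.0/8":       {"unallocated"},     # constructed sample entry
    "10.0.0.0/8":      {"rfc1918"},
    "172.16.0.0/12":   {"rfc1918"},
    "192.168.0.0/16":  {"rfc1918"},
    "169.254.0.0/16":  {"link-local"},
    "128.0.0.0/16":    {"reserved"},
    "191.255.0.0/16":  {"reserved"},
    "192.0.0.0/17":    {"reserved"},
    "198.51.100.0/24": {"exchange-point"},  # placeholder, not a real IXP block
}

def select(db, exclude=()):
    """Aggregated prefixes for every entry carrying none of the excluded flags."""
    nets = [ipaddress.ip_network(p) for p, flags in db.items()
            if not flags & set(exclude)]
    return list(ipaddress.collapse_addresses(nets))

def matches(addr, prefixes):
    """True if addr falls inside any of the selected prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)

def cisco_acl(prefixes, acl=101):
    """Render deny lines in Cisco extended-ACL style (ACL number is arbitrary)."""
    return [f"access-list {acl} deny ip {n.network_address} {n.hostmask} any"
            for n in prefixes]

# Policy from the reply: drop every bogon from the routing table, but do not
# filter RFC1918 or exchange-point space when matching packet source addresses.
ROUTE_FILTER = select(BOGON_DB)
SOURCE_FILTER = select(BOGON_DB, exclude=("rfc1918", "exchange-point"))

if __name__ == "__main__":
    print("\n".join(str(n) for n in ROUTE_FILTER))
    print("\n".join(cisco_acl(SOURCE_FILTER)))
```

Removing an entry from the database when a registry releases it changes both generated filters at once, which is the maintenance point raised in the thread.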