In the case of routers and firewalls, managing your block lists dynamically is akin to checking the oil. Which is something too few car owners do as well. It's also relatively easy to do: <shameless plug> For firewalls, I came up with ThreatSTOP to make this simple for everyone. </shameless plug> Team Cymru has been doing this for routers forever.
-----Original Message-----
From: Sean Donelan [mailto:sean@donelan.com]
Sent: Friday, August 15, 2008 10:07 AM
To: Steven M. Bellovin
Cc: NANOG list
Subject: Re: Is it time to abandon bogon prefix filters?
On Fri, 15 Aug 2008, Steven M. Bellovin wrote:
and i am saying that you should use a router configuration *system* that avoids ticking time bombs. no router should be neglected and unloved.
That, I think, is why he distinguished between routers run by "highly clueful people" and routers run by others. I think we all agree on your basic point; it's just that too many people aren't clueful enough to realize that they even have a problem, let alone know how to solve it. (Of course, you and I both have a background in programming languages and compilers, which is why we naturally think of router configurations as a form of assembler language that only a compiler should ever emit.)
To avoid people feeling individually insulted, I sometimes try to distinguish between the purposes of equipment rather than the capabilities of the person maintaining it.
A NASCAR racing team may perform extensive monitoring and maintenance on their racing cars; but that doesn't mean I should need a team of 5 mechanics to keep my regular street car operating safely with a few idiot lights on the dashboard.