On Fri, 26 Nov 2004 alex@pilosoft.com wrote:
> Can someone identify the *benefits* of using bogon lists for unallocated space? It appears that it only hurts connectivity, but does not help in any significant way to enhance security.
It makes people feel like they're more secure. It may cut down slightly on junk traffic entering their networks, but I suspect that's an insignificantly small amount / benefit.
> Possibly, whoever are the vendors of software that recommends this practice (and authors of security handbooks) should be shown the error of their ways?
Unfortunately, there are many sources that advocate/demonstrate how to do these filters, some of which still have their examples out of date wrt current IANA assignments. The problem isn't so much the idea, but the implementation. Static unmaintained filters are pretty much guaranteed to become a problem at some point. And yeah, if nobody could spoof, and everyone filtered customer BGP announcements, there'd be no need at all (not that there really is one now) for these filters.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
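An added example, not part of the original message: one way to audit a static bogon filter for entries that now overlap allocated space, which is the failure mode described above. The `deny <prefix>` filter syntax, the function names, and both sample lists are constructed for illustration; in practice the allocated list would be loaded from a current registry snapshot.

```python
import ipaddress

# Constructed sample: a static deny list as it might have been copied from
# an old handbook and never updated (illustrative entries only).
STATIC_BOGON_FILTER = """
# reserved private space
deny 10.0.0.0/8
deny 192.168.0.0/16
# "unallocated" at the time the filter was written
deny 1.0.0.0/8
deny 5.0.0.0/8
deny 100.0.0.0/6
"""

# Constructed sample of a current registry snapshot: prefixes now allocated.
ALLOCATED_NOW = ["1.0.0.0/8", "5.0.0.0/8", "101.0.0.0/8"]


def parse_filter(text):
    """Return the networks named in 'deny <prefix>' lines; skip blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, prefix = line.split()
        if action == "deny":
            # strict=True rejects prefixes with host bits set (a typo check)
            nets.append(ipaddress.ip_network(prefix, strict=True))
    return nets


def stale_entries(filter_text, allocated):
    """Map each deny entry to the allocated prefixes it would wrongly block."""
    allocated_nets = [ipaddress.ip_network(p) for p in allocated]
    stale = {}
    for deny in parse_filter(filter_text):
        hits = [str(a) for a in allocated_nets if deny.overlaps(a)]
        if hits:
            stale[str(deny)] = hits
    return stale


if __name__ == "__main__":
    for entry, blocked in stale_entries(STATIC_BOGON_FILTER, ALLOCATED_NOW).items():
        print(f"stale filter entry {entry} blocks allocated space: {', '.join(blocked)}")
```

Run on a schedule against the live registry data, a check like this turns a silent connectivity problem into an alert when a filter entry goes stale.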