They talk about bogon prefixes "for hosts", provide configuration examples for Cisco ASA firewalls,
Which are perfectly valid use cases for some networks / situations. On Tue, Mar 7, 2023 at 6:35 PM Lukas Tribus <lukas@ltri.eu> wrote:
On Wed, 8 Mar 2023 at 00:05, William Herrin <bill@herrin.us> wrote:
Hi Lukas,
If you're using the team cymru bogon list at your customer border, you're doing it wrong.
I'm not.
I'm trying to educate people that bogon lists do not belong on hosts, firewalls or intermediate routers, despite Team-cymru's aggressive marketing of the opposite, quote:
THE BOGON REFERENCE
*A bogon prefix should never appear in the Internet routing table*. Team Cymru’s Bogon Reference provides several resources for the filtering of bogon prefixes from your routers *and hosts*.
A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) *should never have an address in a bogon range.* These are commonly found as the source addresses of DDoS attacks.
They either have to make it clear what their bogon list can actually be used for or they need to drop RFC6598 from the list.
They talk about bogon prefixes "for hosts", provide configuration examples for Cisco ASA firewalls, at the same time they include RFC6598 in the list and it's marketing material suggests it can be used for everything.
You can't have it both ways. Either you provide a list of prefixes to be dropped on autonomous system borders *and make that clear* or you provide a list of prefixes that can be dropped in all systems.
Lukas