They talk about bogon prefixes "for hosts", provide configuration
examples for Cisco ASA firewalls,
On Wed, 8 Mar 2023 at 00:05, William Herrin <bill@herrin.us> wrote:
> Hi Lukas,
>
> If you're using the team cymru bogon list at your customer border,
> you're doing it wrong.
I'm not.
I'm trying to educate people that bogon lists do not belong on hosts,
firewalls or intermediate routers, despite Team-cymru's aggressive
marketing of the opposite, quote:
> THE BOGON REFERENCE
>
> *A bogon prefix should never appear in the Internet routing table*.
> Team Cymru’s Bogon Reference provides several resources for
> the filtering of bogon prefixes from your routers *and hosts*.
> A bogon prefix is a route that should never appear in the Internet
> routing table. A packet routed over the public Internet (not including
> over VPNs or other tunnels) *should never have an address in a
> bogon range.* These are commonly found as the source addresses
> of DDoS attacks.
They either have to make it clear what their bogon list can actually
be used for or they need to drop RFC6598 from the list.
They talk about bogon prefixes "for hosts", provide configuration
examples for Cisco ASA firewalls, at the same time they include
RFC6598 in the list and it's marketing material suggests it can be
used for everything.
You can't have it both ways. Either you provide a list of prefixes to
be dropped on autonomous system borders *and make that clear* or you
provide a list of prefixes that can be dropped in all systems.
Lukas