On Wednesday 17 September 2008 12:55:49 Skywing wrote:
Lamar Owen Wrote: Seems to me getting that IP space on a bogon list could be enough to make a serious dent.
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting.
Seems a similar topic has been here before... hrm... Yep, back around the first of August the subject came up of "Is it time to abandon bogon prefix filters?" in which thread you (among many others) were a participant. I don't have an archive link, sorry, since I used my personal archive of NANOG to find it. Seems there are already trust, DoS, etc. issues out there, in spades.

But if someone wanted to do a 'badon' list and distribute it in a similar fashion, nothing is preventing folks from subscribing. The various antispam DNSBLs have multiple feeds of different kinds; some enterprising soul could do the same for routing. Will everyone do that? Of course not; some will choose to not, others will simply not care, and others will just ignore.

Perhaps it could be called the wish-they-were-bogons list. Then an I-really-wish-they-were-bogons list for just the more severe block.

The point made by Christopher Morrow is well taken:
There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from "someone else" whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens.
Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ...
Folks who use a DNSBL are already letting people in their network, in the e-mail sense at least (and some firewall interfaces to these lists). Those same people would likely not have a problem with a wish-they-were-bogons list. But, yeah, it's like chasing a weasel with an M134 with someone else aiming while you hold down the trigger.

For infrastructure notes, see Team Cymru's description page at http://www.team-cymru.org/Services/Bogons/routeserver.html

Seems easy enough to duplicate (of course, the devil is in the details, and nothing is as easy as it seems); and making the 'thing' 'do the right thing' is a matter of what routes are actually served by your route-servers. Perhaps a good use for that old Internet backbone router (or wannabe) that can no longer take a full BGP feed.
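
An added example, not part of the original message and not Team Cymru's feed format: one way a subscriber could vet a tiered third-party "wish-they-were-bogons" list locally before any of it becomes a null route, which speaks to the concern about letting someone else steer traffic inside your network. The feed layout (prefix, tier), the tier names, the thresholds and the protected prefixes are all assumptions made for illustration; the sample feed is constructed and uses documentation prefixes only.

```python
import ipaddress

# Constructed sample feed: (prefix, tier) pairs.
SAMPLE_FEED = [
    ("192.0.2.0/24", "severe"),
    ("198.51.100.0/25", "wish"),
    ("203.0.113.0/24", "severe"),    # collides with protected space below
    ("0.0.0.0/1", "severe"),         # far too broad to accept from a third party
    ("2001:db8:bad::/48", "severe"),
    ("not-a-prefix", "severe"),
]

# Hypothetical local policy: space the feed may never touch (own/customer
# prefixes), the broadest prefix accepted per IP version, and a size cap.
PROTECTED = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8:1::/48")]
MIN_PREFIXLEN = {4: 16, 6: 32}
MAX_ACCEPTED = 1000

def vet_feed(feed, tiers=("severe",), protected=PROTECTED, max_accepted=MAX_ACCEPTED):
    """Return (accepted_networks, rejected) where rejected is (prefix, reason) pairs."""
    accepted, rejected = [], []
    for text, tier in feed:
        if tier not in tiers:
            rejected.append((text, "tier not subscribed"))
            continue
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            rejected.append((text, "unparseable prefix"))
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            rejected.append((text, "prefix too broad"))
            continue
        if any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((text, "overlaps protected space"))
            continue
        accepted.append(net)
    # A feed that suddenly balloons is treated as broken: accept nothing from it.
    if len(accepted) > max_accepted:
        return [], [(str(n), "feed exceeds size cap") for n in accepted] + rejected
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = vet_feed(SAMPLE_FEED)
    for net in ok:
        print("accept", net)
    for text, reason in bad:
        print("reject", text, "-", reason)
```

The rejected list is the supporting information an operator would want on hand when a feed entry is questioned after the fact.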