On Thu, 01 Mar 2007 21:08:59 EST, "Steven M. Bellovin" said:
On Thu, 01 Mar 2007 14:22:37 +0000 (GMT)> "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> wrote:
So, where are static bogon filters appropriate? (loaded question perhaps) I ask because just about every 'security expert' and 'security whitepaper' or 'security suggestions' has some portion that speaks to "why it's a grand idea to have acl-lines/firewall-policy tp block 'bogon' ip space" (for some definition of 'bogon' of course).
Well, not all of us advocate that; see http://www.merit.edu/mail.archives/nanog/2006-01/msg00150.html
Well Steve, it's like this: There are (a) security experts, (b) "security experts", and (c) guys that spend their day making things usable in spite of what the rest of the net throws in their AS's direction. You're an example of one, I'm an example of another, and the advocates of static bogon filters are an example of the third. Figuring out which is which is left as an exercise for the reader...