Re: IPv6 PI block is announced - update your filters 2620:0000::/23
Gert Doering wrote:
> Does the policy really permit /40.../47 assignments?

http://www.arin.net/registration/guidelines/ipv6_assignment.html#step2

--
If you're never wrong, you're not trying hard enough
[...] Call me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.
> Call me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.

the theory is that it means you have no route to send responses back to an attacker who uses tcp, i.e. a spammer.

the practice is that spammers use holes or super-blocks of allocated, i.e. not bogon, space. they are not stupid.

so your point is well taken.

randy
On Fri, 15 Sep 2006, Randy Bush wrote:
> Call me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.

> the theory is that it means you have no route to send responses back to an attacker who uses tcp, i.e. a spammer.

IANA-based data bogon filters are in fact mostly useful to filter attack issues using udp-based and similar protocols that don't require session establishment.

> the practice is that spammers use holes or super-blocks of allocated, i.e. not bogon, space. they are not stupid.

It is still bogon space and completewhois bogon list catches most of those. Those that don't get caught are the ones where allocation exists but ip space is not being used (i.e. not advertised in bgp) and then doing super-block works for the spammer (there are ways to filter that as well actually but you ran risk of filtering those doing aggregation). And do remember that original question was about IPv6 allocation. Personally I don't know any spammers using ipv6 bogon space [yet]...

> so your point is well taken.
>
> randy
Yes, please, let's have that flamewar all over again... Or you could just read one or more of the previous flamewars and spare us another round. Here's a starting point:

http://merit.edu/cgi-bin/swish/swish.cgi?query=bogon+filtering&submit=Search%21&si=0&si=6&dr_o=12&dr_s_mon=9&dr_s_day=15&dr_s_year=2006&dr_e_mon=9&dr_e_day=15&dr_e_year=2006

Peter Corlett wrote:
> [...]
> Call me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.

> Yes, please, let's have that flamewar all over again... Or you could just read one or more of the previous flamewars and spare us another round. Here's a starting point:
The problem with this suggestion is that it doesn't have an end-point. If someone would summarize both the pros and the cons of bogon filtering on a page at http://nanog.cluepon.net then it would be reasonable to say that the poster should go elsewhere for their information. Until people actually populate that wiki with useful information, we just have to accept that things will be rehashed and rehashed on this list. --Michael Dillon
> Call me naive, but could somebody enlighten me as to what tangible benefit filtering out bogon space actually achieves? It strikes me that it causes more headaches than it solves.

All packets arriving from bogon space have the "evil bit" set. There's nobody there you want to talk to, and there's nobody there that your users really want to talk to, even if they got the address from some "legitimate" source like the DNS server for examplebank.com. IPv6 bogons aren't likely to be spammers, because there's not enough critical mass there yet to make it worthwhile, but that just means that the greedy6 bit hasn't been implemented widely, and that'll eventually get fixed.

--
----
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
participants (7)
- Albert Meyer
- Bill Stewart
- Doug Barton
- Michael.Dillon＠btradianz.com
- Peter Corlett
- Randy Bush
- william(at)elan.net