RE: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
Well Steve, it's like this: There are (a) security experts, (b) "security experts", and (c) guys that spend their day making things usable in spite of what the rest of the net throws in their AS's direction. You're an example of one, I'm an example of another, and the advocates of static bogon filters are an example of the third. Figuring out which is which is left as an exercise for the reader...
This makes it sound like we are talking about some kind of network security issue. We aren't! The fundamental issue is OPERATIONS and has to do with policy and management of that policy. Bogon filters are an example of a policy implementation. It should be no surprise to anyone in operations that when technical people implement a policy which does not actually exist within the company, there is nobody to manage that policy implementation and it eventually becomes orphaned. One might argue that if a company is not capable of setting a policy and managing that policy, then you should not implement the policy at all. --Michael Dillon
On Mar 2, 2007, at 12:55 AM, <michael.dillon@bt.com> wrote:
One might argue that if a company is not capable of setting a policy and managing that policy, then you should not implement the policy at all.
I think this really goes to the heart of the matter - the inability/ unwillingness to prioritize and allocate resources to properly implement 'good neighbor' policies which are not perceived as having any financial benefit to the organization. So, can this sort of activity somehow be monetized by the SPs, remedied by the vendors, or is it a matter for the standards bodies (or some combination thereof)? ----------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice The telephone demands complete participation. -- Marshall McLuhan
On Fri, 02 Mar 2007 08:55:42 GMT, michael.dillon@bt.com said:
one, I'm an example of another, and the advocates of static bogon filters are important word alert ------> ^^^^^^
policy and management of that policy. Bogon filters are an example of a policy implementation.
Note that I didn't say bogon filters were a bad idea. I said that the concept of installing a bogon filter and not adjusting it to fit the changing realities over the years was usually(*) a bad idea. (*) usually - if your business model allows you to reliably enumerate the list of sites that you want to talk to, feel free to declare everything outside the 3 /16s you actually need to talk to a "bogon". Note that in the preceding sentence, "reliably" is another important word... :)
participants (3)
-
michael.dillon@bt.com
-
Roland Dobbins
-
Valdis.Kletnieks@vt.edu