Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

From: Jason Frisvold (no email)
Date: Sun Mar 04 2007 - 15:48:03 EST

  • Next message: Sean Donelan: "Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons"

    On 3/2/07, Roland Dobbins <> wrote:
    > No one has done the digging required to answer any of these
    > questions, unfortunately.

    Can you get a valid answer to this based on the existence of BCP38?
    What I mean is, if your upstream is filtering bogons, you can't get a
    good read on the amount of "bad" traffic sourcing from "illegal"
    addresses. However, I'm sure it's there. If we stop filtering
    so-called "bad" addresses, I'm sure that the attacks from those
    addresses will increase when it's realized that the filters are gone.

    I agree with others in that you can't stop looking for old attacks
    just because they don't happen much anymore. But we can improve the
    ways we look. uRPF is definitely a dynamic option, but as I
    understood it, there were issues with using it on multi-homed networks
    with asynchronous routing. Granted, it has been some time since I've
    looked at uRPF.

    I think something like the Cymru bogon route server is great, but I'm
    not a very trusting person when it comes to something like that. I
    don't like giving up that level of control. Of course, at some point,
    I suppose I have to trust something...

    I definitely believe in filtering both bogons and RFC 1918 space, it's
    just a management issue that has to be dealt with.

    > -----------------------------------------------------------------------
    > Roland Dobbins <> // 408.527.6376 voice

    -- 
    Jason 'XenoPhage' Frisvold
    http://blog.godshell.com
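
Added example, not part of the original message: a small model of strict versus loose uRPF on a dual-homed router, covering the multi-homed case raised above, where a legitimate packet arrives on a different interface than the one the best route to its source uses. The FIB entries, interface names and sample packets are constructed for illustration, and the `null0` routes stand in for bogon prefixes learned from a route-server feed.

```python
import ipaddress

# Constructed FIB for a dual-homed edge router with no default route.
# "null0" entries model bogon prefixes installed as discard routes.
FIB = [
    ("198.51.100.0/24", "isp_a"),  # stand-in for a legitimate remote network
    ("203.0.113.0/24", "isp_b"),   # stand-in for a legitimate remote network
    ("10.0.0.0/8", "null0"),       # RFC 1918 space, discarded
    ("172.16.0.0/12", "null0"),    # RFC 1918 space, discarded
]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.7", "isp_a"),  # symmetric path
    ("198.51.100.7", "isp_b"),  # legitimate, but arrives via the other upstream
    ("10.1.2.3", "isp_a"),      # spoofed RFC 1918 source
    ("240.0.0.1", "isp_b"),     # source with no route at all
]

def lookup(src):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in FIB:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_accepts(src, in_iface, mode):
    """Apply the uRPF source check in 'strict' or 'loose' mode."""
    out_iface = lookup(src)
    if out_iface is None or out_iface == "null0":
        return False              # unrouted or discard-routed source: drop
    if mode == "loose":
        return True               # any real route to the source is enough
    if mode == "strict":
        return out_iface == in_iface  # must arrive where the reply would leave
    raise ValueError(f"unknown mode: {mode}")

def evaluate(mode):
    """Return the accept/drop decision for every sample packet."""
    return [urpf_accepts(src, iface, mode) for src, iface in PACKETS]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        for (src, iface), ok in zip(PACKETS, evaluate(mode)):
            print(f"{mode:6} {src:15} in={iface:6} {'accept' if ok else 'drop'}")
```

Strict mode drops the second packet even though its source is legitimate, while loose mode accepts it and still drops the discard-routed and unrouted sources.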
    
