Firewall Wizards
mailing list archives
Re: Why blocking bogons buys you nothing
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Thu, 06 Nov 2003 19:22:22 +0100
Brian Ford wrote:
> Maybe your provider is just doing a very good job
> of blocking Bogons before they reach you?
Eric Vyncke wrote similarly:
> May be the small amounts of bogons can be explained by an upstream
> ISP filtering them ;-)
If this is the case, they are doing a very .. um.. "random" job
of blocking bogons.
The /8 distribution in my original posting alone suggests otherwise.
You can also peruse the raw data that I helpfully provided a link to.
Doing a quick time distribution of this data, I get:
Month     /8s seen   Packets
-------   --------   -------
2002-11      29        3671
2002-12      30        3154
2003-01      42        2227
2003-02      35        6003
2003-03      34        1663
2003-04      31        2063
2003-05      39         515
(note that May is incomplete)
Brian Ford wrote:
> http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-eof-geoff.pdf
This is good work, but it concerns registries, backbones and BGP
exchanges, where bogon tracking and blocking can be much more
rewarding.
My intended target audience is the average firewall admin.
Maybe I was unclear in that respect. I have updated the
online copy to reflect this fact.
Don't get me wrong; researching bogons is interesting.
- Who's doing it?
- Why?
- If they involve two-way communication: how are they doing it?
But in my experience, it's not something that the average firewall
admin should be doing, or, indeed, even has anything to gain from.
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
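The per-month tally shown in the message above (distinct source /8s and packet counts), as an added example that is not part of the original post or the author's tooling. The log format, the sample lines and the short special-use range list are assumptions made for illustration; a real bogon list also includes IANA-unallocated space, which changes over time.

```python
import ipaddress
from collections import defaultdict

# Assumption: special-use IPv4 source ranges only. Unallocated space, which a
# full bogon list also covers, is deliberately not listed here.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/3",
)]

# Constructed sample log: "<ISO date> <source IP>" per inbound packet.
SAMPLE_LOG = """\
2002-11-03 10.1.2.3
2002-11-03 10.9.9.9
2002-11-17 192.168.0.5
2002-11-20 8.8.8.8
2002-12-01 127.0.0.1
2002-12-02 not-an-ip
2002-12-09 172.16.4.4
2002-12-09 172.32.0.1
2002-12-30 240.0.0.1
"""

def monthly_distribution(log_text):
    """Return {month: (distinct source /8s, packets)} for bogon-sourced lines."""
    slash8s = defaultdict(set)
    packets = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that do not match the assumed format
        date, src = parts
        try:
            addr = ipaddress.IPv4Address(src)
        except ipaddress.AddressValueError:
            continue  # skip malformed source fields
        if not any(addr in net for net in BOGON_NETS):
            continue  # routable source, not counted
        month = date[:7]
        slash8s[month].add(int(addr) >> 24)  # first octet identifies the /8
        packets[month] += 1
    return {m: (len(slash8s[m]), packets[m]) for m in sorted(packets)}

if __name__ == "__main__":
    for month, (n8, pk) in monthly_distribution(SAMPLE_LOG).items():
        print(f"{month}  {n8:>8}  {pk:>7}")
```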