Home page logo
/

nanog logo nanog mailing list archives

Re: do bogon filters still help?
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 12 Jan 2006 00:21:30 +0100


* Pim van Pelt:

Hi Florian, others,
 
| You should move 192.88.99.0/24 from SPECIAL to YES (although you
| shouldn't see source addresses from that prefix, no matter what the
| folks at bit.nl think).  169.254.0.0/16 should be NO (otherwise it
| wouldn't be link-local).

Hi, here's a member of 'the folks at bit.nl'.  Just a quick note to
say that we have been sourcing IPv4 packets from 192.88.99.1 at a rate
of 2.000 to 10.000 packets per second since early 2003, so I'm guessing 
we have sent some 750.000 billion packets by now.

And this is just so wrong.  You should use an address you own as a
source address.  Otherwise, packets tend to get dropped by filters.

And no, "anyone should be able to spoof from 192.88.99.0/24" is not
the answer to this kind of problem.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault