Home page logo
/

nanog logo nanog mailing list archives

Re: do bogon filters still help?
From: Pim van Pelt <pim () bit nl>
Date: Thu, 12 Jan 2006 00:31:48 +0100


Florian,

On Thu, Jan 12, 2006 at 12:21:30AM +0100, Florian Weimer wrote:
| And this is just so wrong.  You should use an address you own as a
| source address.  Otherwise, packets tend to get dropped by filters.
Who says so? It's anycasted, and operators source from it after making
note of this in the proper routing registries. RIPE NCC would confirm that
AS12859 can source from 192.88.99.0/24, just like the other operators 
in RFC3068-MNT can. If anybody marks this prefix as a bogon and filters 
it, that's their absolute right as a network operator. Their customers 
might not appreciate it that much though, if they would like to use 6to4.

| And no, "anyone should be able to spoof from 192.88.99.0/24" is not
| the answer to this kind of problem.
I didn't say, type, or even think this. 

-- 
Met vriendelijke groet,
BIT BV / Ing P.B. van Pelt
PBVP1-RIPE (PGPKEY-4DCA7E5E)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]