On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote:
> Not when you're working on a system that is being attacked with packets
> with source IPs in the list.
>
> In my opinion anyway.

Well, as long as you're using anti-spoof, packets can't bounce through to
your internal network segments using your own address space, so that's
the most important part... filtering out bogons is really just to cut
down on chaff a little bit.

Henning is right, though: unless you're updating regularly it's a Bad
Thing(tm) because IANA can and does allocate those IPs (last time was in
January). Team Cymru specifically updates their list often, which is why
I wrote my script (it will remove IPs from my <bogon> table if they've
been allocated).

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com
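
The table refresh described in the message above (drop entries that have since been allocated, add new bogons), as an added example that is not the author's script or part of the original message: it validates a freshly fetched list and prints the pfctl table commands to apply. The function names, the MIN_ENTRIES threshold and the sample addresses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not the author's script). Sample data below is constructed.
LC_ALL=C; export LC_ALL

# Print only well-formed IPv4 CIDR entries from FILE, sorted and de-duplicated.
# Comments, blank lines, HTML error pages and a catch-all /0 are dropped.
valid_cidrs() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
        if (split($1, p, "/") != 2 || p[2] !~ /^[0-9]+$/) next
        if (p[2] + 0 < 1 || p[2] + 0 > 32 || split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print $1
    }' "$1" | sort -u
}

# Print the pfctl commands that turn table CURRENT into the list in NEW.
# Entries missing from NEW (now allocated) are deleted, new bogons are added.
plan_update() {
    cur=$(mktemp) || return 1
    new=$(mktemp) || return 1
    valid_cidrs "$1" > "$cur"
    valid_cidrs "$2" > "$new"
    count=$(awk 'END { print NR }' "$new")
    if [ "$count" -lt "${MIN_ENTRIES:-3}" ]; then
        rm -f "$cur" "$new"
        echo "refusing update: only $count valid entries" >&2
        return 1
    fi
    comm -23 "$cur" "$new" | sed 's/^/pfctl -t bogon -T delete /'
    comm -13 "$cur" "$new" | sed 's/^/pfctl -t bogon -T add /'
    rm -f "$cur" "$new"
}

# Constructed demo: saved `pfctl -t bogon -T show` output vs. a fresh download.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 10.0.0.0/8 192.168.0.0/16 198.51.100.0/24 > "$d/table"
    printf '%s\n' '# constructed list' 10.0.0.0/8 192.168.0.0/16 \
        203.0.113.0/24 '<html>' 0.0.0.0/0 > "$d/fresh"
    plan_update "$d/table" "$d/fresh"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Once the fetched list has passed the same validation, `pfctl -t bogon -T replace -f FILE` performs the equivalent swap in one step; printing the plan first makes a truncated or malformed download visible before it reaches the table.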
