On Tue, Mar 09, 2004 at 09:15:11AM -0800, Brian Keefer wrote:
> On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote:
> > Not when you're working on a system that is being attacked with packets
> > with source ip's in the list.
> > 
> > In my opinion anyway.
> 
> Well, as long as you're using anti-spoof packets can't bounce through to
> your internal network segments using your own address space, so that's
> the most important part...  filtering out bogons is really just to cut
> down on chaff a little bit.
> 
> Henning is right, though:  unless you're updating regularly it's a Bad
> Thing(tm) because IANA can and does allocate those IPs (last time was in
> January).  Team Cymru specifically updates their list often, which is
> why I wrote my script (it will remove IPs from my <bogon> table if
> they've been allocated).
> 

The best solution is to have a full view (with no default route) via bgp
and use no-route. So you get an auto-update bogon filter. It is more
accurate than those lists because it is live and knows about the not
announced but IANA allocated blocks.

I know not everybody has a bgp session running on the firewall.

-- 
:wq Claudio
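As an added illustration (not from any of the posters or from a real config), here is a pf.conf fragment that puts the three mechanisms discussed in this thread side by side: antispoof for the local address space, a persistent bogon table refreshed from a file, and Claudio's no-route approach; the interface names and the table file path are assumptions.

```pf
# Assumed interface names and bogon file path (constructed example).
ext_if = "em0"
int_if = "em1"

# Persistent table loaded from a file. It only stays correct if the file is
# refreshed from an up-to-date source, e.g. after fetching a new list:
#   pfctl -t bogon -T replace -f /etc/pf.bogons
# A stale file will block space IANA has since allocated.
table <bogon> persist file "/etc/pf.bogons"

# Stop address-space spoofing first: packets arriving on the wrong
# interface with a source inside one of our own networks are dropped.
antispoof quick for { $ext_if, $int_if }

# Live bogon filter: drop anything whose source (inbound) or destination
# (outbound) has no route. This is only a bogon filter when the routing
# table is a full BGP view without a default route; with a default route
# present, every address "has a route" and these rules match nothing.
block in quick on $ext_if from no-route to any
block out quick on $ext_if from any to no-route

# Static bogon filter for hosts without a full view.
block in log quick on $ext_if from <bogon> to any
```

Check what is actually loaded with `pfctl -t bogon -T show` and `pfctl -sr` before trusting the filter, since an empty or outdated table silently passes or over-blocks.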
