Re: [fw-wiz] Why blocking bogons buys you nothing

From: Mikael Olsson (mikael.olsson_at_clavister.com)
Date: 11/06/03

  • Next message: Stiennon,Richard: "RE: [fw-wiz] OT: Happy Birthday Marcus and Happy Guy Fawkes Day"
    To: Brian Ford <brford@cisco.com>
    Date: Thu, 06 Nov 2003 19:22:22 +0100
    
    

    Brian Ford wrote:
    >
    > Maybe your provider is just doing a very good job
    > of blocking Bogons before they reach you?

    Eric Vyncke wrote similarily:
    >
    > May be the small amounts of bogons can be explained by an upstream
    > ISP filtering them ;-)
    >

    If this is the case, they are doing a very .. um.. "random" job
    of blocking bogons.

    The /8 distribution in my original posting alone suggests otherwise.
    You can also peruse the raw data that I helpfully provided a link to.

    Doing a quick time distribution of this data, I get:

    Month /8s seen Packets
    ----- -------- -------
    2002-11 29 3671
    2002-12 30 3154
    2003-01 42 2227
    2003-02 35 6003
    2003-03 34 1663
    2003-04 31 2063
    2003-05 39 515
      (note that may is incomplete)

    Brian Ford wrote:
    >
    > http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-eof-geoff.pdf
    >

    This is good work, but it concerns registries, backbones and BGP
    exchanges, where bogon tracking and blocking can be much more
    rewarding.

    My intended target audience is the average firewall admin.
    Maybe I was unclear in that respect. I have updated the
    online copy to reflect this fact.

    Don't get me wrong; researching bogons is interesting.
    - Who's doing it?
    - Why?
    - If they involve two-way communication: how are they doing it?
    But in my experience, it's not something that the average firewall
    admin should be doing, or, indeed, even has anything to gain from.

    -- 
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Stiennon,Richard: "RE: [fw-wiz] OT: Happy Birthday Marcus and Happy Guy Fawkes Day"