RE: [address-policy-wg] New Draft Document: De-boganising New AddressBlocks

[Rob Thomas <]

Hi, team.

] Andre is right, the best solution is definitely not to filter bogons.

Best solution for what problem, exactly?  :)

Bogon filtering does help, though it can be accomplished in a variety
of ways (e.g. bogon route-servers, ACLs, uRPF with prefix filtering).
Take a peek at my study entitled "60 Days of Basic Naughtiness" for
some data points on bogon address usage.

   <http://www.cymru.com/Presentations/60Days.zip>
   <http://www.cymru.com/Presentations/60Days.ppt>

Others see more or less of this depending on what they host or
transit.  One thing we have seen in our darknet monitoring is a
decrease in the use of bogon source addresses.  Why?  Because they
are less effective (thankfully).  Ah, but read on!

Does this *solve* the problems of DDoS, hacking, scanning?  No, of
course not.  The miscreants have multiple methods in their toolkits,
with spoofing being only one.  In fact spoofing applies to allocated
and routed space as much as it applies to unallocated (aka bogon)
space.  What we are attempting to do is to reduce the effectiveness
of one particular set of badness.

Defense in depth works, and every little bit helps.  Just as many
folks do not rely on a single provider for Internet access, we
shouldn't rely on a single method to mitigate or block malevolent
flows.

I love the idea of the RIRs and IANA providing the service!  We at
Team Cymru are happy to help them in any way towards that goal.
Once those mechanisms are in place and tested, we're happy to turn
down our service in deference to their authoritative service.  That
is a ways off, I suspect, so don't take that as a formal statement
or plan.  :)

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);