North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: IPv6 PI block is announced - update your filters 2620:0000::/23
- From: william(at)elan.net
- Date: Fri Sep 15 18:55:39 2006
On Fri, 15 Sep 2006, Randy Bush wrote:
IANA-based data bogon filters are in fact mostly useful to filter attack
Call me naive, but could somebody enlighten me as to what tangible benefit
filtering out bogon space actually achieves? It strikes me that it causes
more headaches than it solves.
the theory is that it means you have no route to send responses back to an
attacker who uses tcp, i.e. a spammer.
issues using udp-based and similar protocols that don't require session
the practice is that spammers use holes or super-blocks of allocated, i.e.
not bogon, space. they are not stupid.
It is still bogon space and completewhois bogon list catches most of those.
Those that don't get caught are the ones where allocation exists but ip
space is not being used (i.e. not advertised in bgp) and then doing
super-block works for the spammer (there are ways to filter that as
well actually but you ran risk of filtering those doing aggregation).
And do remember that original question was about IPv6 allocation.
Personally I don't know any spammers using ipv6 bogon space [yet]...
so your point is well taken.