I've never particularly seen it as worthwhile to filter against any more bogons than RFC1918 - they're the ones likely to cause problems in filters etc... -Michael Fincham Unleash On Fri, 2007-06-29 at 11:14 +1000, Alastair Johnson wrote:
Jonny Martin wrote:
On 29/06/2007, at 11:37 AM, Gerard Creamer wrote:
We had a bogon list with 112.0.0.0/5 in it and misread it as /8 several times before growing a brain and sorting it out. Just thought I'd mention it so folks can recheck their bogon lists to ensure that the following aren't being stopped by a larger aggregation.
We're still using static bogon filters?
Team Cymru provide a bogon BGP feed which make keeping up with bogon changes a cinch. 1 - Peer with the Cmyru bogon route server. 2 - Profit!
Ignoring some people/organisations that may have corporate or architectural (or simply rule with an iron fist) approaches that prevent or restrict giving the potential to explode your network to a third party, of course.
However, there is a safer approach still: don't use bogon filters at all. I've managed to convince myself they have caused, and continue to cause, far more damage than good.
YMMV of course.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog -- -Michael Fincham
Unleash Technology Solutions