Questions about bogon filtering [Was: Re: Firewall update (if you're filtering bogons)]

F. Fox kitsune.or at gmail.com
Thu Oct 30 16:02:36 UTC 2008



Arjan wrote:
> The list of IPv4 Global Unicast Address Assignments got updated yesterday:
> 	http://iana.org/assignments/ipv4-address-space/
> 
> The previously unallocated prefix 197/8 has been allocated. Please
> remove it from your firewall filter if you're filtering bogons.

A question: Does filtering bogons really help security all that much? I
would think that about all it'd be good for would be dropping packets
with spoofed IDs - but in the case of a DDoS, where such a thing is
likely, they've accomplished their goal simply by having the packet get
across your uplink and bounce off your firewall.

I suppose it could help spare load on a server in the case of a SYN
flood directed towards one, but I would think it wouldn't be all that
hard to adjust the RNG algorithm (or counter, or whatever) to have the
spoofed IPs on the packets generated only in non-bogon space.

--
F. Fox
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
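As an added example, not part of the thread, here is a minimal bogon filter in Python run over a few constructed source addresses. It shows the two points the messages above make: a stale prefix list that still contains 197/8 drops traffic from that now-allocated block, and a source address outside bogon space passes regardless of whether it was spoofed. The prefix lists and sample addresses are constructed for illustration, not a real bogon feed.

```python
import ipaddress

# Constructed, abbreviated bogon list as it might have looked before the
# October 2008 IANA update, while 197/8 was still unallocated.
STALE_BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "197.0.0.0/8", "224.0.0.0/3",
]

# The same list after dropping the newly allocated 197/8, as Arjan asks.
CURRENT_BOGONS = [p for p in STALE_BOGONS if p != "197.0.0.0/8"]

# Constructed sample of packet source addresses (addresses are illustrative).
SAMPLE_SOURCES = [
    "10.1.2.3",     # RFC 1918 space: spoofed, caught by any bogon filter
    "250.1.1.1",    # reserved class E space: spoofed, caught by any bogon filter
    "197.45.6.7",   # inside the block allocated in the IANA update
    "203.0.113.5",  # allocated-looking address: passes whether spoofed or not
]


def compile_bogons(prefixes):
    """Parse CIDR strings into network objects once, not per packet."""
    return [ipaddress.ip_network(p) for p in prefixes]


def is_bogon(src, networks):
    """True if the source address falls inside any listed bogon prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in networks)


def filter_packets(sources, prefixes):
    """Split source addresses into (dropped, passed) according to the list."""
    nets = compile_bogons(prefixes)
    dropped, passed = [], []
    for src in sources:
        (dropped if is_bogon(src, nets) else passed).append(src)
    return dropped, passed


if __name__ == "__main__":
    for name, prefixes in (("stale", STALE_BOGONS), ("current", CURRENT_BOGONS)):
        dropped, passed = filter_packets(SAMPLE_SOURCES, prefixes)
        print(f"{name:8s} list: dropped={dropped} passed={passed}")
```

With the stale list, 197.45.6.7 is dropped alongside the genuinely spoofed addresses; with the updated list only the two bogon-space addresses are dropped, and 203.0.113.5 passes in both cases because the filter has no way to tell a spoofed allocated-space address from a real one.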



More information about the tor-talk mailing list