Questions about bogon filtering [Was: Re: Firewall update (if you're filtering bogons)]
- To: or-talk@xxxxxxxxxxxxx
- Subject: Questions about bogon filtering [Was: Re: Firewall update (if you're filtering bogons)]
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Thu, 30 Oct 2008 09:02:36 -0700
- In-reply-to: <490759FE.2040100@xxxxxxxxxxxxxxxxxxxxxx>
- References: <48D7EAE2.4010803@xxxxxxxxxxxxxxxxxxxxxx> <490759FE.2040100@xxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla-Thunderbird 2.0.0.16 (X11/20080724)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Arjan wrote:
> The list of IPv4 Global Unicast Address Assignments got updated yesterday:
> http://iana.org/assignments/ipv4-address-space/
>
> The previously unallocated prefix 197/8 has been allocated. Please
> remove it from your firewall filter if you're filtering bogons.
>
>
A question: Does filtering bogons really help security all that much? I
would think that about all it'd be good for would be dropping packets
with spoofed IDs - but in the case of a DDoS, where such a thing is
likely, they've accomplished their goal simply by having the packet get
across your uplink and bounce off your firewall.
I suppose it could help spare load on a server in the case of a SYN
flood directed towards one, but I would think it wouldn't be all that
hard to adjust the RNG algorithm (or counter, or whatever) to have the
spoofed IPs on the packets generated only in non-bogon space.
--
F. Fox
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
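As an added illustration (not part of the thread and not the author's or the Tor project's code), here is a small Python model of a stateless bogon filter built on the standard-library `ipaddress` module. The prefix list and the sample source addresses are constructed for the demonstration; 197.0.0.0/8 is placed in the "stale" list to mirror the allocation the parent message reports, and the "updated" list is the same list with that prefix removed, as the parent message asks operators to do.

```python
"""Added example: a minimal source-address bogon filter, run against the
same constructed traffic with a stale and an updated prefix list.

The prefix list and sample addresses below are constructed for the
demonstration; a real deployment would take the current list from IANA
or a maintained bogon feed rather than hard-coding it."""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed bogon list as it might have looked before the 197/8
# allocation mentioned in the thread. Only a handful of entries.
STALE_BOGONS = [
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918 private
    "127.0.0.0/8",      # loopback
    "192.168.0.0/16",   # RFC 1918 private
    "197.0.0.0/8",      # unallocated at the time (per the parent message)
    "240.0.0.0/4",      # reserved
]

# Same list with 197/8 removed, as the parent message asks operators to do.
UPDATED_BOGONS = [p for p in STALE_BOGONS if p != "197.0.0.0/8"]


class BogonFilter:
    """Drop packets whose *source* address falls inside a bogon prefix."""

    def __init__(self, prefixes: Iterable[str]) -> None:
        self.networks = [ipaddress.ip_network(p) for p in prefixes]

    def is_bogon(self, src: str) -> bool:
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.networks)

    def filter(self, sources: Iterable[str]) -> Tuple[List[str], List[str]]:
        """Return (passed, dropped) lists of source addresses, in input order."""
        passed, dropped = [], []
        for src in sources:
            (dropped if self.is_bogon(src) else passed).append(src)
        return passed, dropped


# Constructed sample of source addresses as seen on an uplink.
SAMPLE_SOURCES = [
    "10.1.2.3",        # private space: never a valid public source
    "197.12.34.56",    # newly allocated space: legitimate after the update
    "198.51.100.7",    # stand-in for an ordinary allocated source (constructed)
    "203.0.113.9",     # stand-in for an ordinary allocated source (constructed)
    "240.1.1.1",       # reserved space
]


def compare_lists(sources=SAMPLE_SOURCES):
    """Run the same traffic through the stale and the updated list."""
    stale = BogonFilter(STALE_BOGONS).filter(sources)
    updated = BogonFilter(UPDATED_BOGONS).filter(sources)
    return {"stale": stale, "updated": updated}


if __name__ == "__main__":
    for name, (passed, dropped) in compare_lists().items():
        print(f"{name:8} passed={passed} dropped={dropped}")
```

Two things the run makes concrete. The stale list silently drops the host in 197/8, which after the allocation is a legitimate source, so a bogon filter is only as good as its refresh cadence against IANA. And the filter says nothing about the three sources in allocated space, which is exactly the limitation the post raises: it removes impossible source addresses and the log noise they generate, but a forged source chosen from allocated space passes it like any other packet.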