RE: Please Check Filters - BOGON Filtering IP Space

> Whats so bad about decent secure defaults?

I don't consider a configuration that disenfranchises part of the
internet as "decent [...] defaults." :slight_smile:

The big problem that we're experiencing here is that the big telco
ISP's, network providers and managed service providers that should have
something better than a 'network monkey' running their routers are
having BOGON filtering problems.

We diagnosed a problem getting to east cost government sites and in
working with SAVVIS, we corrected problems in a matter of hours. This
has been the only positive progress we've made in unblackholing out
network segment. We're going on day number 4 trying to get SBC to fix
'managed' local government routers.

To tell you the truth, the little leaf nodes that have a corporation
without world-accessible resources behind their router are
unconsequential to us -- let them filter on old BOGON lists -- our
customers need to be able to get to the resources that are behind the
huge networks that are maintained by companies much larger than ours
that are running out of date filters.

Why more people don't use resources like what Cymru offer is beyond

James Laszko
Pipeline Communications, Inc.

you do understand that for SBC (or anyone who manages customer devices) to
make a change:
1) the customer has to be notified of the change and given a reason for
the change
2) the customer has to agree to the change (presumably they also have to
actually be contacted.... a task of it's own at times)
3) the change has to be scheduled into a maint window
4) the procedures and maintenance changes probably have to be checked over
with the 'network monkey' (as you put it) and customer
5) change happens, for 1 customer...

Wash, rinse, repeat for the other 70,000 routers you manage for
customers... This is definitely NOT a half-rack in a colo fix. Just
contacting the customers is a feat.


Not-Invented-Here syndrome?