Well Steve, it's like this: There are (a) security experts,
(b) "security
experts", and (c) guys that spend their day making things
usable in spite of
what the rest of the net throws in their AS's direction.
You're an example of
one, I'm an example of another, and the advocates of static
bogon filters are
an example of the third. Figuring out which is which is left
as an exercise
for the reader...
This makes it sound like we are talking about some
kind of network security issue. We aren't!
The fundamental issue is OPERATIONS and has to do with
policy and management of that policy. Bogon filters are
an example of a policy implementation. It should be no
surprise to anyone in operations that when technical people
implement a policy which does not actually exist within
the company, there is nobody to manage that policy
implementation and it eventually becomes orphaned.
One might argue that if a company is not capable of
setting a policy and managing that policy, then you
should not implement the policy at all.
--Michael Dillon
I think this really goes to the heart of the matter - the inability/unwillingness to prioritize and allocate resources to properly implement 'good neighbor' policies which are not perceived as having any financial benefit to the organization.
So, can this sort of activity somehow be monetized by the SPs, remedied by the vendors, or is it a matter for the standards bodies (or some combination thereof)?
> one, I'm an example of another, and the advocates of static bogon filters are
important word alert ------> ^^^^^^
policy and management of that policy. Bogon filters are
an example of a policy implementation.
Note that I didn't say bogon filters were a bad idea. I said that the
concept of installing a bogon filter and not adjusting it to fit the
changing realities over the years was usually(*) a bad idea.
(*) usually - if your business model allows you to reliably enumerate
the list of sites that you want to talk to, feel free to declare everything
outside the 3 /16s you actually need to talk to a "bogon". Note that in
the preceding sentence, "reliably" is another important word... 