Sean,
I am not a BGP Guru by any means but as I see it:
there are more than 25 /8 that should not be routed at all...
And they are easily summarized.. some can be /6 or less...
I never tried that.. But should work....
If I go to AT&T and ask for a list of what should be routed,
That will be a huge list and not summarizeable.
Although there are routers on the market that have massive amounts of RAM
and can handle oodles of routes, and some ISP's may want to do this.
BUT the average net user can easily take a BGP Feed of say 25 /8 and
50 /16 or so and /dev null all is fine. Using my example of the blockage of
APNIC /8s.. SPAM SPAM GONE Away..... So can many other problems...
(I ACL'd 4 /8 from APNIC on a Mail server and lost 60-70 % of the inbound SPAM...
Nice test, Syslog didn't like it none.....)
To me Rob provides a great service, which I am ashamed to say, I am falling
down to implement... If I could /dev null some of the ole task list
I would do it now....
Anyway, JMHO....
Jim
If Rob wanted to do it right 
In 2001, approximately 33.5% of IPv4 address space was being announced
in the global routing table. If you wanted to do complete negative
filtering, you need to filter 66.5% of the IPv4 address space.
http://www.apnic.net/stats/bgp/TOTAL/totaladd.html
Unfortunately, all we have is a rather blunt tool. Its a bit like
trying to fight credit card fraud by rejecting any card that doesn't
begin with a 4 (Visa) or 5 (partial Mastercard range). It may work as
a limited data entry check, but its not enough.
> I am not a BGP Guru by any means but as I see it:
> there are more than 25 /8 that should not be routed at all...
> And they are easily summarized.. some can be /6 or less...
> I never tried that.. But should work....
If Rob wanted to do it right
In 2001, approximately 33.5% of IPv4 address space was being announced
in the global routing table. If you wanted to do complete negative
filtering, you need to filter 66.5% of the IPv4 address space.
But probably 50% or more of that is contained in large aggregatable blocks...
Steve
Just putting a static inside your network (advertised no-export of course)
for 1/8 (for instance) will not solve your problem, since I can advertise
1/9 and get that traffic (inside your ASN atleast). This problem is really
only solved with good filters on customer bgp session. That and a process
to validate that new netblocks from customers that should be added to the
filter.
In the examples of Trafalgar house and the German Corp's stolen /16 from
earlier last week, the hijacking was 'quickly' shutdown when the upstream
providers for the 'offending' (duped or perhaps complicit) ASN's were
notified of the situation. Perhaps the notification process could have
been faster, or the actions from the upstreams more streamlined...