I will check on this and get back with you. Rodney
On Thu, Jan 20, 2005 at 11:18:10AM -0500, Joe Maimon wrote: > > > > David Barak wrote: > > >--- Suresh Ramasubramanian <[EMAIL PROTECTED]> > >wrote: > > > > > > > >>David Barak <[EMAIL PROTECTED]> wrote: > >> > >> > >>>While it says that bogon filters change, and > >>> > >>> > >>provides > >> > >> > >>>a URL to check it, what percentage of folks who > >>> > >>> > >>would > >> > >> > >>>use a feature like "autosecure" would ever update > >>>their filters? > >>> > >>> > >>> > >>What do they do to update that bogon list anyway - > >>push a new IOS image? > >> > >> > >> > > > >That's a mighty fine question: the link I referenced > >is the most recent I was able to find, and its list of > >bogons is thoroughly out-of-date. In the interest of > >long-term reachability, I would call on Cisco to > >remove the IANA-UNASSIGNED blocks from the autosecure > >filters. > > > > > > > > > I think the last time this was hashed out here, there was a consensus > that Cisco should not be promoting a feature that uses a static list for > blackholing. The problem is with now-good-bogons bad enough as it is, > even with a presumably competent admin responsible for the setup. > > Perhaps Cisco could couple this with a scheduled scp to a server of > choice, preferably Cisco's, for an update checking feature. At that > point I would think perhaps it has a bit more + than - to it. > > At any rate it should NOT be tied to IOS images, the vast majority of > those never get upgraded. Make ACLS be able to parse their rules from a > file stored wherever. Just like that new DHCP static bindings from text > file feature. > > Joe