James Hess <mysi...@gmail.com> writes:

>> 29/256 = 11% of the available address space. My argument is, if
>> someone is scanning you from random source addresses blocking 10%
>> of the scan traffic is reaching a point of very little return for
>> the effort of updating the address lists, and as we all know it is
>> getting smaller and smaller.
>
> Granted, if the filters aren't updated very frequently, they're pretty bad.

That's the usual state of affairs, unfortunately.

> But.. I would suggest, basically, filtering bogons is still great and
> pretty important, it serves as an ongoing deterrent against random
> unruly networks trying to pick up the unassigned addresses, or
> treating the space as "Up for grabs" just because some space happens
> to be unannounced (and unassigned).

Gotta agree with Leo here. We can't even get people to implement BCP-38, which is nine years old for crying out loud. The deployment level at which bogon filtering is a deterrent to squatting is quite a bit higher than the point at which it becomes an issue to legitimate users.

I've considered static bogon filters to be a Worst Current Practice for years. If you feel you absolutely must engage in the practice use a dynamic feed like Cymru's, but honestly, just let it go.

-r