[nsp] 82/8 allocated to RIPE

Rob Thomas robt@cymru.com
Sun, 24 Nov 2002 10:52:50 -0600 (CST)


Hi, Steve.

] I personally don't think it's a good idea to filter a block because its

As with all things of this nature, your mileage may vary.  :)  It's up
to you to pick and choose which practices you wish to adopt.  That said,
I and my networks would love it if you would at least filter such
ranges on the EGRESS.  ;)

] Is anything achieved by filtering unallocated? (Note I do not include
] permanently reserved blocks in this comment eg rfc1918, 127/8 etc)

Yes, at least in my view.  In a survey I conducted of one oft-attacked
site, 66.85% of the source addresses in all naughty packets received were
bogons.  This included the obvious ones (e.g. RFC1918, 127/8) as well as
the unallocated space.  That is a lot of packets my gear doesn't need to
permit or transit.  When I expanded this study to cover several more
sites, the results were similar.  In my view, it is worth the bit of
extra time to keep the garbage out.  This is also why I push EGRESS
filtering.  :)

How often must these updates be made?  Not very.  Here is a history of
the allocations for the past three years (thus far):

   064/8   Jul 99   ARIN
   213/8   Mar 99   RIPE NCC

   217/8   Jun 00   RIPE NCC
   065/8   Jul 00   ARIN
   066/8   Jul 00   ARIN
   218/8   Dec 00   APNIC

   221/8   Jul 02   APNIC
   069/8   Aug 02   ARIN
   082/8   Nov 02   RIPE NCC

Please keep in mind that I am not advocating this step as a panacea for
all miscreant behavior.  It is a mitigation step.  If everyone filtered
such things at the edge, then the source IPs in a packet could at least
be tracked back to the true owner.  Perhaps 66.85% (more?  less?) of all
the DoS packets you receive would never leave their origin ASN.  Your
mileage may vary, etc.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
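
Added example, not part of the original message or the author's tooling: a small Python sketch of the bookkeeping the thread discusses, measuring what share of source addresses are bogons and showing how that changes once 82/8 leaves the unallocated list. The function names and the sample addresses are constructed for illustration; only the reserved ranges and the 82/8 allocation date come from the thread.

```python
import ipaddress

# Permanently reserved ranges named in the thread (RFC1918 and loopback).
RESERVED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]

# From the thread's allocation history: a /8 stays in the bogon list until
# the month it is handed to a registry. Only 82/8 (Nov 2002) is modelled here.
ALLOCATED_ON = {"82.0.0.0/8": (2002, 11)}


def bogon_prefixes(as_of):
    """Return the bogon networks valid for a (year, month) tuple."""
    nets = [ipaddress.ip_network(p) for p in RESERVED]
    for prefix, when in ALLOCATED_ON.items():
        if as_of < when:  # still unallocated at that point in time
            nets.append(ipaddress.ip_network(prefix))
    return nets


def is_bogon(addr, nets):
    """True if addr falls inside any of the given bogon networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def bogon_share(sources, nets):
    """Percentage of source addresses that fall inside a bogon prefix."""
    if not sources:
        return 0.0
    hits = sum(1 for s in sources if is_bogon(s, nets))
    return round(100.0 * hits / len(sources), 2)


# Constructed sample of packet source addresses (not data from the survey).
SAMPLE_SOURCES = [
    "10.1.2.3", "192.168.44.7", "127.0.0.1", "172.20.5.9",
    "82.10.0.5", "82.200.1.1", "64.12.0.1", "213.5.6.7",
]

if __name__ == "__main__":
    for as_of in [(2002, 10), (2002, 12)]:
        nets = bogon_prefixes(as_of)
        print(as_of, bogon_share(SAMPLE_SOURCES, nets), "% bogon sources")
```

A filter still built from the October list would keep dropping the two 82/8 sources after the allocation, which is the maintenance cost weighed in the thread.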