dealing with bogon spam ?

[jared at puck.nether.net (Jared Mauch)]

On Oct 28, 2009, at 7:14 AM, Valdis.Kletnieks at vt.edu wrote:

> On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said:
>> We're seeing a decent chunk of spam coming from an unallocated  
>> block of
>> address space.
>
> Fear not, this will end when we run out of IPv4 space not too many  
> months
> down the road :)
>
> I admit to remaining confused as to why we still keep seeing  
> providers who fail
> to do basic due-diligence like BCP38 filtering of packets, or asking  
> a new BGP
> peer what they expect to announce and then filter based on that. I  
> mean, come
> on guys - sure they may be 6 cents a meg cheaper, but do you really  
> want to buy
> connectivity from a provider that can't run their network in a  
> proper fashion?
>
> Don't answer that. ;)

I can answer the above question regarding BCP38:

Vendor software defects and architecture limitations make it  
challenging to deploy a solution whereby BCP38 can be universally  
deployed.

Customers that are unwilling to announce all their space also make  
uRPF problematic.  I'd like to see 'loose-rpf' universally deployed  
myself.  There is no reason for unrouted space to have packets sourced  
from it.  This makes up a fair percentage of traffic that root/gtld  
nameservers see (based on conversations i've had with operators over  
the years).

If you configure CPE devices and don't utilize anti-spoofing  
capabilities on the CPE-Lan, please add that to your templates.  It is  
helpful to the internet as a whole, while you may not personally see  
return on your investment, others will.

	- Jared