 |
 |
On Dec 1, 2016, at 8:32 PM, Richard Laager <[log in to unmask]> wrote: > > I'm looking for feedback on a filtering proposal. I propose that, on the > route server, by default, we filter incoming routes to block anything > matching: > _(174|209|286|701|1239|1299|2828|2914|3257|3320|3356|3549|5511|6453|6461|6762|6939|7018|12956)_ I fully support this. Also would suggest blocking bogon ASNs on the route servers too (good list/examples in Job’s presentation as well) For those doing bilateral peering, I’d also highly suggest applying sane import filters on peers to catch folks that aren’t behaving properly. We do something like: - reject 0/0 - reject RFC1918 - reject bogon ASNs - reject /25 - /32’s -- Andrew Hoyos [log in to unmask]