bogon prefix blocking

Forums › IT Pro and developers › bogon prefix blocking

bigalow

568 posts

Ultimate Geek
+1 received by user: 112

#268409 18-Mar-2020 00:18

banning ip bogans yay or nay ?

only reason i'm asking as i get a lot of 6 to 4 ips eg 2002:c23d:185e::c23d:185e attacking my sites

some sites on google say yes and some say no

danfaulknor

974 posts

Ultimate Geek
+1 received by user: 533

Trusted

Prodigi

Subscriber

#2440434 18-Mar-2020 01:30

We blackhole routes for bogons on our routers, so they don't even make it to the servers.

Using https://www.team-cymru.com/bogon-reference-bgp.html

they/them

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2440822 18-Mar-2020 18:24

I would ask what is the percentage of legitimate traffic that comes from bogon ranges. If it's all dodgy then block it

I say block it.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2440905 18-Mar-2020 21:23

I have all of these blocked with no exception

::/128 (unspecified address)
::1/128 (lo)
fec0::/10 (site-local)
::ffff:0.0.0.0/96 (ipv4-mapped)
::/96 (ipv4 compat)
100::/64 (discard only)
2001:db8::/32 (documentation)
2001:10::/28 (ORCHID)
3ffe::/16 (6bone)
::224.0.0.0/100 (other)
::127.0.0.0/104 (other)
::/104 (other)
::255.0.0.0/104 (other)

You're not on Atlantis anymore, Duncan Idaho.

bigalow

568 posts

Ultimate Geek
+1 received by user: 112

#2440956 19-Mar-2020 00:27

anyone got a good script ? where can i find a good list

im using ubuntu with iptables and ipset