* [gentoo-user] Bogon List
@ 2009-09-01 17:58 Grant
2009-09-01 18:04 ` kashani
0 siblings, 1 reply; 5+ messages in thread
From: Grant @ 2009-09-01 17:58 UTC (permalink / raw
To: Gentoo mailing list
I was just reading about the Bogon List here:
http://www.webmasterworld.com/webmaster/3978016.htm
and I'm wondering if I could be using it on my Gentoo server in any
software I'm running. Does anyone know if it shows up in the
shorewall or apache2 config anywhere?
- Grant
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Bogon List
2009-09-01 17:58 [gentoo-user] Bogon List Grant
@ 2009-09-01 18:04 ` kashani
2009-09-01 19:02 ` Grant
0 siblings, 1 reply; 5+ messages in thread
From: kashani @ 2009-09-01 18:04 UTC (permalink / raw
To: gentoo-user
Grant wrote:
> I was just reading about the Bogon List here:
>
> http://www.webmasterworld.com/webmaster/3978016.htm
>
> and I'm wondering if I could be using it on my Gentoo server in any
> software I'm running. Does anyone know if it shows up in the
> shorewall or apache2 config anywhere?
>
> - Grant
>
If I were going to attempt to use it and didn't want to maintain it, I'd
use this service.
http://www.team-cymru.org/Services/Bogons/routeserver.html
Then it's a matter of peering with their route server and injecting null
routes into your routing table.... which might be complicated if you
weren't a network engineer at an ISP in another life. :-) It's not
actually that hard, but most of the documentation assumes you have some
idea how more than just static routing works.
Or you can just cron a weekly/monthly wget of
http://www.cymru.com/Documents/bogon-bn-agg.txt and set it to alert you
if the md5sum changes.
kashani
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Bogon List
2009-09-01 18:04 ` kashani
@ 2009-09-01 19:02 ` Grant
2009-09-01 22:47 ` kashani
0 siblings, 1 reply; 5+ messages in thread
From: Grant @ 2009-09-01 19:02 UTC (permalink / raw
To: gentoo-user
>> I was just reading about the Bogon List here:
>>
>> http://www.webmasterworld.com/webmaster/3978016.htm
>>
>> and I'm wondering if I could be using it on my Gentoo server in any
>> software I'm running. Does anyone know if it shows up in the
>> shorewall or apache2 config anywhere?
>>
>> - Grant
>>
>
> If I were going to attempt to use it and didn't want to maintain it, I'd use
> this service.
>
> http://www.team-cymru.org/Services/Bogons/routeserver.html
>
> Then it's a matter of peering with their route server and injecting null
> routes into your routing table.... which might be complicated if you weren't
> a network engineer at an ISP in another life. :-) It's not actually that
> hard, but most of the documentation assumes you have some idea how more than
> just static routing works.
>
> Or you can just cron a weekly/monthly wget of
> http://www.cymru.com/Documents/bogon-bn-agg.txt and set it to alert you if
> the md5sum changes.
>
> kashani
I should have been more specific. That link I posted discusses how
blocking the Bogon List can cause problems as some of the IPs on the
list come into use. I'd like to not use it at all, and I'm wondering
if I'm using it as part of a default setup of shorewall, apache2, or
other software. Do you know of any software that uses it by default?
- Grant
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Bogon List
2009-09-01 19:02 ` Grant
@ 2009-09-01 22:47 ` kashani
2009-09-02 22:31 ` Grant
0 siblings, 1 reply; 5+ messages in thread
From: kashani @ 2009-09-01 22:47 UTC (permalink / raw
To: gentoo-user
Grant wrote:
> I should have been more specific. That link I posted discusses how
> blocking the Bogon List can cause problems as some of the IPs on the
> list come into use. I'd like to not use it at all, and I'm wondering
> if I'm using it as part of a default setup of shorewall, apache2, or
> other software. Do you know of any software that uses it by default?
>
> - Grant
>
Ah. Yeah shorewall turns it on by default unless that's changed. You
should be fine if you keep Shorewall updated which installs a new bogon
file or you can turn it off.
http://sourceforge.net/mailarchive/forum.php?thread_name=4404A628.1010301%40shorewall.net&forum_name=shorewall-users
I can't think of anything other than firewall rules that include their
own bogon filter because they do go out of date within a year or two.
kashani
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Bogon List
2009-09-01 22:47 ` kashani
@ 2009-09-02 22:31 ` Grant
0 siblings, 0 replies; 5+ messages in thread
From: Grant @ 2009-09-02 22:31 UTC (permalink / raw
To: gentoo-user
>> I should have been more specific. That link I posted discusses how
>> blocking the Bogon List can cause problems as some of the IPs on the
>> list come into use. I'd like to not use it at all, and I'm wondering
>> if I'm using it as part of a default setup of shorewall, apache2, or
>> other software. Do you know of any software that uses it by default?
>>
>> - Grant
>>
>
> Ah. Yeah shorewall turns it on by default unless that's changed. You should
> be fine if you keep Shorewall updated which installs a new bogon file or you
> can turn it off.
>
> http://sourceforge.net/mailarchive/forum.php?thread_name=4404A628.1010301%40shorewall.net&forum_name=shorewall-users
>
> I can't think of anything other than firewall rules that include their own
> bogon filter because they do go out of date within a year or two.
>
> kashani
Thanks kashani. It sounds like shorewall-3.* doesn't support nobogons anyway.
- Grant
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2009-09-02 17:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-09-01 17:58 [gentoo-user] Bogon List Grant
2009-09-01 18:04 ` kashani
2009-09-01 19:02 ` Grant
2009-09-01 22:47 ` kashani
2009-09-02 22:31 ` Grant
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox