Team Cymru is pleased to announce a significant addition to our bogon reference project which might be of interest to this list as it relates to IPv6 matters. The new portions of the project are offered at no cost to the community, and the original bogon lists and feeds are not being changed or canceled, just augmented. The new "fullbogon" feed includes prefixes allocated to RIRs, but not assigned by the RIRs to end-users, ISPs, etc, providing a more complete view of the unassigned space that should not be seen on the Internet. This new service is therefore more granular than the original feed, including a wide variety of non-routable prefixes as well as unassigned prefixes and it also includes IPv6 prefixes. Simply email bogonrs@cymru.com with your ASN, peering IP addresses and whether you use MD5 authentication. See an overview in the 46th episode of Team Cymru's 'The Who and Why Show' at www.youtube.com/teamcymru, as well as a more basic overview in episode 12. For a more detailed explanation, see <http://www.team-cymru.org/Services/Bogons/>. Even more so than the original feed, there are significant changes to the list every day and the feed automatically recalculates the prefixes as they are allocated from the regional registries, so make sure you are able to regularly update your lists. Internet security is all about "the other guy." If one sizeable network is insecure, it WILL be used to abuse other networks. We look forward to continuing to help our community to secure the edge. Why is this important? Bogons are defined as Martians (private and reserved addresses defined by RFC 1918 and RFC 5735) and netblocks that have not been allocated to a regional internet registry (RIR) by the Internet Assigned Numbers Authority. A bogon prefix is a route that should never appear in the Internet routing table on a Router. A packet routed over the public Internet (obviously, not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks and our research has previously shown that, in some cases, up to 60% of DDoS packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.). This new service comprises a larger set which also includes IP space that has been allocated to an RIR, but not by that RIR to an actual ISP or other end-user. While not all DDoS attacks use bogons, every little bit helps. Note additionally that bogon filtering is a component of anti-spoofing filtering, which is also very important. Internet security is all about "the other guy." If one sizeable network is insecure, it WILL be used to abuse other networks. We look forward to continuing to help our community to secure the edge. warm regards, Steve. -- Steve Santorelli,Team Cymru, Inc.|www.team-cymru.org steve@cymru.com|[moderated] Also, please note that there are many way to keep up with what Team Cymru are doing, see the lower part of: http://www.team-cymru.org/About/contact.html plus: * join our announce list via cymru-announce-subscribe@cymru.com * see what we see, www.team-cymru.org/Monitoring/Graphs * probably the best news feed in the world, www.team-cymru.org/News * cool stuff you can use, www.team-cymru.org/Services/ * see our Twitter feed at http://twitter.com/teamcymru