Fullbogon lists
-
Hello,
If it is possible to share this information, can you shed some light on how you generate fullbogon lists, please? Mind, I don't ask for low level details. I'm interested in the general approach you use - RIR database, global routing table, etc. TIA
-
@bofh16 said in Fullbogon lists:
how you generate fullbogon lists
I would just grab them from here.
https://www.team-cymru.com/bogon-reference-http
-
@johnpoz thanks, I'm aware of this location. My question has a deeper context and I'll try to elaborate further on it. A note here should be, it is more service provider related, than enterprise/DC. MANRS advises to use fullbogon list to filter the network ingress. They also refer to Team Cymru on their site. Considering the fact TC fullbogon list was last updated in the beginning of August, it includes outdated information about prefixes, which are now live. Your list was updated quite recently and I found it didn't include prefixes, which do not have proper RIR route objects, but are in the global routing table now. Like 103.12.76.0/22.
Hence, my interest to understand your approach of building it. Appreciate your understanding and support.
-
@bofh16 building your own.. So you want to be your own Team Cymru..
If a prefix doesn't have proper route objects, is it really valid? ;)
If you want the most updated lists, I believe you can peer with them.
https://www.team-cymru.com/bogon-reference-bgp
-
@johnpoz said in Fullbogon lists:
@bofh16 building your own.. So you want to be your own Team Cymru..
If a prefix doesn't have proper route objects, is it really valid? ;)
If you want the most updated lists, I believe you can peer with them.
https://www.team-cymru.com/bogon-reference-bgp
@johnpoz, I think you may have misunderstood his question. The way I read the OP is that the bogon list he finds on pfSense is more accurate/up-to-date than the list he sees at team-cymru. He says that list was last updated in August and includes some outdated info about certain prefixes that were "bogons" back in August but are now in use with valid prefixes assigned (he says the pfSense bogons list has this newer information while team-cymru does not).
At least that's how I read his question. This area is out of my area of expertise, though, so I can't help answer the question about how Netgate builds their list.
-
@bmeeks The list in pfsense is pulled from there.. So not sure how that would be possible.
-
@johnpoz said in Fullbogon lists:
@bmeeks The list in pfsense is pulled from there.. So not sure how that would be possible.
Ah-okay. I did not know if maybe Netgate assembled one from elsewhere. Never mind ...
-
@bmeeks they don't pull the full bogon from TC directly.. And they do alter it, they remove rfc1918 from it. I think they pull it from a list they keep on their servers. But I know their source is TC.. Unless that has recently changed
They pull it from here in the script.
https://files.netgate.com/lists/fullbogons-ipv4.txt
But I am not aware of them building that on their own from scratch ;)
I don't think TC would be too happy if you had every instance of pfsense pulling from them ;)
-
To clarify, the situation with TC is as follows:
- HTTP links return outdated versions from 02.08.2022
- RIR links point to database objects, which either return the classic martians or an empty set
- DNS queries return more sensible data. My suspicion is, it is up-to-date. TC do not allow AXFR for fullbogons zone, but the transfer of the classical bogons one fails as well.
- BGP has not been tested yet.

I ran through the above before I came here, with the intention of getting an understanding of how/where pfSense gets the fullbogons list from.
-
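An added example, not part of any post in this thread and not Netgate's or Team Cymru's code: one way to check a fullbogons text file for the staleness discussed above, by flagging list entries that overlap prefixes seen in the routing table. The sample list, its `#` header line and the routed prefixes are constructed for illustration; only 103.12.76.0/22 is taken from the thread.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout; the '#' header line with
# an epoch timestamp is an assumption made for this example.
SAMPLE_LIST = """\
# last updated 1659427201 (constructed header)
10.0.0.0/8
100.64.0.0/10
103.12.76.0/22
192.168.0.0/16
203.0.113.0/24
"""

# Constructed stand-in for prefixes observed in the global routing table.
ROUTED = ["103.12.76.0/23", "103.12.78.0/24", "198.51.100.0/24"]

def parse_bogons(text):
    """Return (header_epoch or None, [ip_network, ...]) from list text."""
    epoch, nets = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            digits = [tok for tok in line.split() if tok.isdigit()]
            if digits and epoch is None:
                epoch = int(digits[0])
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return epoch, nets

def stale_entries(bogons, routed):
    """Map each bogon entry to the routed prefixes an ingress filter would drop."""
    routed_nets = [ipaddress.ip_network(p, strict=False) for p in routed]
    hits = {}
    for b in bogons:
        overlap = [str(r) for r in routed_nets
                   if b.version == r.version and b.overlaps(r)]
        if overlap:
            hits[str(b)] = overlap
    return hits

def list_age_days(epoch, now):
    """Age of the list in whole days, taken from its header timestamp."""
    return int((now - epoch) // 86400)

if __name__ == "__main__":
    epoch, bogons = parse_bogons(SAMPLE_LIST)
    print("age (days):", list_age_days(epoch, now=1664611201))
    for bogon, routes in stale_entries(bogons, ROUTED).items():
        print(f"{bogon} overlaps routed {routes}")
```

An entry reported here would drop traffic for a live prefix if the list were loaded as an ingress filter, so it is a reason to refresh the list before applying it.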