Netgate Discussion Forum
    NonAgg Bogons Sufficient

Category: Firewalling
7 Posts, 4 Posters, 2.0k Views
NOYB:

For those that feel the nonagg bogons list is still sufficient, here is a bogon attempt at the SSH port that would not have been blocked by the nonagg list.

    Jan 11 05:59:37	WAN	    64.185.229.240:64439	    d.d.d.d:22	TCP:S

Would rarely if ever get any blocked bogons with the nonagg list. But now with the full list it actually blocks something every once in a while.
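The check behind this log entry, as an added example that is not part of the thread or of pfSense: parse source addresses out of pfSense firewall-log lines in the layout shown above and match them against a traditional (non-aggregated) bogon list and a full bogon list, reporting which list would have blocked each source. Both lists and the log lines are constructed samples; the 64.185.229.0/24 entry in the full list is an assumption based on the ARIN lookup discussed later in the thread.

```python
import ipaddress

# Constructed sample lists for illustration only. The real Team Cymru
# "bogons" (traditional non-aggregated reserved/unallocated space) and
# "fullbogons" (adds unallocated space inside RIR-managed blocks) lists are
# far longer and change daily; these entries only mirror the thread's point.
NONAGG_BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                 "192.168.0.0/16", "224.0.0.0/3"]
# Assumed: the /24 found unallocated in ARIN would appear in the full list.
FULL_BOGONS = NONAGG_BOGONS + ["64.185.229.0/24"]

# Constructed pfSense firewall-log lines in the thread's layout
# (tab-separated: time, interface, source, destination, proto:flags).
LOG_LINES = [
    "Jan 11 05:59:37\tWAN\t    64.185.229.240:64439\t    d.d.d.d:22\tTCP:S",
    "Jan 12 01:02:03\tWAN\t    10.0.0.5:4444\t    d.d.d.d:22\tTCP:S",
    "Jan 12 09:10:11\tWAN\t    203.0.113.7:51000\t    d.d.d.d:22\tTCP:S",
    "Feb 2 22:39:07\tWAN\t    64.185.229.239:50267\t    d.d.d.d:22\tTCP:S",
]

def parse_line(line):
    """Return (timestamp, interface, src_ip, dst_port) or None if malformed."""
    fields = [f.strip() for f in line.split("\t")]
    if len(fields) != 5:
        return None
    src_ip, _ = fields[2].rsplit(":", 1)
    _, dst_port = fields[3].rsplit(":", 1)
    return fields[0], fields[1], src_ip, int(dst_port)

def longest_match(ip, cidrs):
    """Most specific prefix in cidrs that contains ip, or None if no list entry does."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, cidrs) if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

def classify(lines, nonagg=NONAGG_BOGONS, full=FULL_BOGONS):
    """Map each source IP to the prefix (if any) each list would block it under."""
    result = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not in the expected layout
        _, _, src, _ = parsed
        result[src] = {"nonagg": longest_match(src, nonagg),
                       "full": longest_match(src, full)}
    return result

if __name__ == "__main__":
    for src, hits in classify(LOG_LINES).items():
        print(f"{src:16} nonagg={hits['nonagg']!s:16} full={hits['full']}")
```

Only the full list matches the two 64.185.229.x sources; the RFC 1918 source is caught by both, and the unlisted address by neither.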
francisuk22:

Well, that's the problem: not every IP will get blocklisted.

1. 70% of people have DHCP
2. 30% of people have Static

2.0.2-RELEASE (amd64) - Dell OptiPlex GX520 SFF @ Intel P4 HT 3.0GHz
Cisco SR224 24-port Switch (4 PCs, 1 Wireless AP, 2 Consoles)
NOYB:

@francisuk22:

    Well, that's the problem: not every IP will get blocklisted.

    1. 70% of people have DHCP
    2. 30% of people have Static

Forgive me. But huh?
francisuk22:

What I'm trying to say is…

30% of people have Static IPs and then 70% of people have Dynamic IPs.

2.0.2-RELEASE (amd64) - Dell OptiPlex GX520 SFF @ Intel P4 HT 3.0GHz
Cisco SR224 24-port Switch (4 PCs, 1 Wireless AP, 2 Consoles)
dhatz:

@NOYB:

    For those that feel the nonagg bogons list is still sufficient, here is a bogon attempt at the SSH port that would not have been blocked by the nonagg list.

        Jan 11 05:59:37	WAN	    64.185.229.240:64439	    d.d.d.d:22	TCP:S

    Would rarely if ever get any blocked bogons with the nonagg list. But now with the full list it actually blocks something every once in a while.

And what is your point? IMHO the benefit of blocking a couple more SSH login attempts per day (btw, in my case 90% of all SSH login attempts seem to come from compromised systems in data centers in the US and EU) doesn't seem to outweigh the risk of blocking legitimate connections if you fail to update the full bogon list…

On the other hand, if you had a popular system that was targeted with DoS attacks from bogon IPs, then it'd certainly be a good idea to use the full bogon list.

Just my 2 cents...
cmb:

Sure enough, ARIN shows it as non-allocated, but it's in the Internet routing table. In my BGP:

    flags destination          gateway          lpref  med aspath origin
          64.185.229.0/24      x.x.x.x    100    0 27325 7459 3356 27431 i

It's AS 27431:
JTL Networks Inc.
240 N Fifth Street
Suite 210
Columbus OH

Looks like a legit company; my guess is one of their customers is being bad and they're announcing that space without realizing it.

I emailed their abuse contact with the info.
NOYB:

Apparently their abuse department doesn't care.

    Feb 2 22:39:07	WAN	    64.185.229.239:50267	    d.d.d.d:22	TCP:S
Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.