On Sat, 22 Jun 2002, Stephen Gill wrote:

> I'd like to announce the availability of a paper entitled "Application
> Note: Securing BGP on Juniper Routers."  This paper is based on my
> previously released "JUNOS Secure BGP Template" though it attempts to go
> into much greater depth/detail, covering the steps necessary to fully
> secure a BGP configuration on Juniper Routers.  Though some instances
> may not apply in all networks, they should serve as a decent guide
> towards JUNOS BGP hardening.  Take your configurations seriously!!!

I've linked you on my site http://www.bgpexpert.com/

I was looking at your bogon filtering. I don't know much about Junipers,
but... Under Black Hole Routes you say:

"Whether packets are traveling outbound or inbound, traffic destined to
these networks will be dropped if they reach the local router."

But then:

"[edit routing-options]
static  {
  /* Discard routes for traffic destined to these networks */
  route 0.0.0.0/8 discard;
  route 1.0.0.0/8 discard;
  ..."

So does this filter only packets _to_ these addresses or also packets
seeming to come _from_ those addresses?

I feel filtering on bogon destinations is pretty much a waste of time: if
you already filter on bogon sources you'll see no bogon destinations to
speak of.

I agree that in theory filtering on bogon sources can be beneficial, but
does it really do anything useful in practice?

Iljitsch van Beijnum