Re: General question on rfc1918

From: Phil Regnauld (no email)
Date: Tue Nov 13 2007 - 11:16:58 EST

  • Next message: Paul Ferguson: "Re: General question on rfc1918"

    Joe Abley (jabley) writes:
    >
    > You drop the packet at your border before it is sent out to the Internet.
    >
    > This is why numbering interfaces in the data path of non-internal traffic is
    > a bad idea.

            Unfortunately many providers have the bad habit of using RFC1918
            for interconnect, on the basis that a) it saves IPs b) it makes
            the interconnect "not vulnerable" [1].

    > > Packets which are strictly error/status reporting -- e.g. ICMP
    > > 'unreachable',
    > > 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
    > > boundaries _solely_ because of an RFC1918 source address.
    >
    > I respectfully disagree.

            Same here, and even if egress filtering didn't catch it, many inbound
            filters will.

            [1] I've also heard of ISPs having an entire /16 of routable addresses
            for their interconnect, but they just don't advertise to peers.

