Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: rfc 1918?

  • From: Greg A. Woods
  • Date: Thu Feb 22 17:30:16 2001

> > > You're not crazy, and UUNet should be filtering them.

No Chris, you're not crazy...

> > There are good reasons to want to get those packets (traceroutes from
> > people who have numbered their networks in rfc1918 networks,

No John, there are exactly zero reasons, good or otherwise, for allowing
any traffic with RFC-1918 source addresses to traverse any part of the
public Internet.  Period!  :-)

[ On Thursday, February 22, 2001 at 13:22:27 (-0800), Eric A. Hall wrote: ]
> Subject: Re: rfc 1918?
> That's not a good reason. Nobody should be generating public traffic from
> those addresses, "making them work" is not an Internet-friendly decision.


The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
source they get filtered, *and* the quicker that *EVERYONE* introduces
such filters), then the sooner (i.e. the quicker) the people (and that's
the politely and politically correct way of speaking of them) who think
they can use private addresses in public networks will hopefully get
clue-by-4'ed into changing their errant ways.

Now if only I could find some magic way to let all those trigger happy
people running lame IDS to complain to the true source of such packets.
If the relatively few complaints I see from such people when accidental
ftp or http connections are attempted to their workstations are any
indication, then the mere volume of complaints alone would probably be
sufficient reason for anyone to stop using RFC-1918 addressing.  Too bad
the Internet's not just one big large bridged Ethernet and then we could
just look up the MAC address (on our border bridges, of course) of any
offender and then go beat them over the head directly with the mangled
packets!  :-)

Thankfully there are now devices that can do such filtering effectively
even at very high core speeds....  Now we only have to convince the
manufacturers of such devices to supply them with default configurations
that do such filtering (and not to make the stupid mistake that they
need to leave their factory configurations as if they will only ever
live in a lab environment)!

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>
