Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: rfc 1918?

  • From: Ariel Biener
  • Date: Thu Feb 22 17:39:12 2001

On Thu, 22 Feb 2001, Greg A. Woods wrote:


This gets us back to the discussin we had here about 3-4 months ago about
what should be done in order to create a friendly internet environment,
that is, where every Internet connected entity actually gives a damn about
everyone else.

--Ariel
> 
> > > > You're not crazy, and UUNet should be filtering them.
> 
> No Chris, you're not crazy...
> 
> > > There are good reasons to want to get those packets (traceroutes from
> > > people who have numbered their networks in rfc1918 networks,
> 
> No John, there are exactly zero reasons, good or otherwise, for allowing
> any traffic with RFC-1918 source addresses to traverse any part of the
> public Internet.Period!  :-)
> 
> [ On Thursday, February 22, 2001 at 13:22:27 (-0800), Eric A. Hall wrote: ]
> > Subject: Re: rfc 1918?
> >
> > That's not a good reason. Nobody should be generating public traffic from
> > those addresses, "making them work" is not an Internet-friendly decision.
> 
> Precisely.
> 
> The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
> source they get filtered, *and* the quicker that *EVERYONE* introduces
> such filters), then the sooner (i.e. the quicker) the people (and that's
> the politely and politically correct way of speaking of them) who think
> they can use private addresses inpublic networks will hopefully get
> clue-by-4'ed into changing their errant ways.
> 
> Now if only I could find some magic way to let all those trigger happy
> people running lame IDS to complain to the true source of such packets.
> If the relatively few complaints I see from such people when accidental
> ftp or http connections are attempted to their workstations are any
> indication, then the mere volume of complaints alone would probably be
> sufficient reason for anyone to stop using RFC-1918 addressing.Too bad
> the Internet's not just one big large bridged Ethernet and then we could
> just look up the MAC address (on our border bridges, of course) of any
> offender and then go beat them over the head directly with the magnled
> packets!:-)
> 
> Thankfully there are now devices that can do such filtering effectively
> even at very high core speeds....Now we only have to convince the
> manufacturers of such devices to supply them with default configurations
> that do such filtering (and not to make the stupidmistake that they
> need to leave their factory configurations as if they will only ever
> live in a lab environment)!
> 
> --
> 							Greg A. Woods
> 
> +1 416 218-0098    VE3TCP      <gwoods@acm.org>      <robohack!woods>
> Planix, Inc. <woods@planix.com>;Secrets of the Weird <woods@weird.com>
> 

--
Ariel Biener
e-mail: ariel@post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.