North American Network Operators Group
Re: rfc 1918?
- From: Ariel Biener
- Date: Thu Feb 22 17:39:12 2001
On Thu, 22 Feb 2001, Greg A. Woods wrote:
This gets us back to the discussion we had here about 3-4 months ago about
what should be done in order to create a friendly internet environment,
that is, where every Internet connected entity actually gives a damn about
> > > > You're not crazy, and UUNet should be filtering them.
> No Chris, you're not crazy...
> > > There are good reasons to want to get those packets (traceroutes from
> > > people who have numbered their networks in rfc1918 networks,
> No John, there are exactly zero reasons, good or otherwise, for allowing
> any traffic with RFC-1918 source addresses to traverse any part of the
> public Internet. Period! :-)
> [ On Thursday, February 22, 2001 at 13:22:27 (-0800), Eric A. Hall wrote: ]
> > Subject: Re: rfc 1918?
> > That's not a good reason. Nobody should be generating public traffic from
> > those addresses, "making them work" is not an Internet-friendly decision.
> The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
> source they get filtered, *and* the quicker that *EVERYONE* introduces
> such filters), then the sooner (i.e. the quicker) the people (and that's
> the politely and politically correct way of speaking of them) who think
> they can use private addresses in public networks will hopefully get
> clue-by-4'ed into changing their errant ways.
> Now if only I could find some magic way to let all those trigger happy
> people running lame IDS to complain to the true source of such packets.
> If the relatively few complaints I see from such people when accidental
> ftp or http connections are attempted to their workstations are any
> indication, then the mere volume of complaints alone would probably be
> sufficient reason for anyone to stop using RFC-1918 addressing. Too bad
> the Internet's not just one big large bridged Ethernet and then we could
> just look up the MAC address (on our border bridges, of course) of any
> offender and then go beat them over the head directly with the mangled
> Thankfully there are now devices that can do such filtering effectively
> even at very high core speeds.... Now we only have to convince the
> manufacturers of such devices to supply them with default configurations
> that do such filtering (and not to make the stupid mistake that they
> need to leave their factory configurations as if they will only ever
> live in a lab environment)!
> Greg A. Woods
> +1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
> Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
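
The border filtering argued for in this thread, as an added example that is not part of the original messages: a check of packet source addresses against the three RFC 1918 blocks, with drops counted per ingress interface so the neighbour handing over the traffic can be identified. The interface names and packet records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# The three address blocks reserved for private use by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    """True only for IPv4 addresses inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def filter_border(packets):
    """Apply a source-address filter to (ingress_iface, src, dst) records.

    Returns (forwarded, dropped, drops_per_iface). Only the source address
    is tested, matching the filter discussed in the thread.
    """
    forwarded, dropped, drops_per_iface = [], [], Counter()
    for iface, src, dst in packets:
        if is_rfc1918(src):
            dropped.append((iface, src, dst))
            drops_per_iface[iface] += 1   # which neighbour sent it to us
        else:
            forwarded.append((iface, src, dst))
    return forwarded, dropped, drops_per_iface

# Constructed sample records; interface names are hypothetical.
SAMPLE = [
    ("peer-a", "10.1.2.3",       "198.51.100.7"),
    ("peer-a", "172.31.255.254", "198.51.100.7"),  # last /16 of 172.16/12
    ("peer-b", "172.32.0.1",     "198.51.100.7"),  # just outside 172.16/12
    ("peer-b", "192.168.0.1",    "203.0.113.9"),
    ("cust-1", "192.0.2.10",     "203.0.113.9"),
    ("cust-1", "192.169.0.1",    "203.0.113.9"),   # just outside 192.168/16
]

if __name__ == "__main__":
    fwd, drop, per_iface = filter_border(SAMPLE)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    for iface, count in per_iface.most_common():
        print(f"{iface}: {count} RFC 1918-sourced packets dropped")
```

The explicit prefix list is used instead of `ipaddress`'s `is_private` attribute, which covers more ranges than RFC 1918 defines.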