nanog mailing list archives
Re: Exodus / Clue problems
From: Daniel Senie <dts () senie com>
Date: Mon, 16 Nov 1998 16:02:34 -0500
John Fraizer wrote:
Why on earth would anyone let any of the following networks in to their network at the border? 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 Hell, for that matter, I block anything claiming to be from our networks as well. There's no way they'll be originating from the outside unless it's spoofed. Nothing and I mean NOTHING claiming to be from any of them at your border is valid.
Define "network border." I used to block all traffic from or to RFC1918 addresses, but my present upstream is using 10.0.0.0/8 and 172.16.0.0/16, at least, for their internal use. So, the IP address of the WAN interface on my router connecting to them has a 10.0.0.0/8 address. If I block incoming traffic to 10.0.0.0/8, they can't monitor my net. It appears this is becoming the preferred way for ISPs to limit their use of address space for internal-only functions. While this makes sense at some levels, attached corporate networks may have already used those addresses. The result is some level of confusion, though for the most part it doesn't break too many things. Mostly, it's just annoying since firewalls can't filter out stuff they'd otherwise limit. In cases where ISPs use RFC1918 addresses within their networks, they really should: - Tell their downstream customers WHICH of these blocks are in use. - Provide filters at peering points that ensure RFC1918 addresses from outside the ISP's space do not come in from outside. - Provide Ingress filtering at all downstream customer ports to ensure only valid source IP addresses come from their customers. Dan -- ----------------------------------------------------------------- Daniel Senie dts () senie com Amaranth Networks Inc. http://www.amaranthnetworks.com
Current thread:
- Re: Exodus / Clue problems, (continued)
- Message not available
- Re: Exodus / Clue problems Steve Noble (Nov 18)
- Re: Exodus / Clue problems Steven J. Sobol (Nov 18)
- Re: Exodus / Clue problems Adam Rothschild (Nov 15)
- RE: Exodus / Clue problems John A. Tamplin (Nov 16)
- Re: Exodus / Clue problems Daniel Senie (Nov 16)
- Re: Exodus / Clue problems Phil Howard (Nov 16)
- Re: Exodus / Clue problems Marc Slemko (Nov 16)
- Re: Exodus / Clue problems Daniel Senie (Nov 16)
- Re: Exodus / Clue problems Steve Noble (Nov 18)
- Re: Exodus / Clue problems Steven J. Sobol (Nov 18)
- Re: Exodus / Clue problems Steve Noble (Nov 18)
- Re: Exodus / Clue problems Steven J. Sobol (Nov 18)