nanog mailing list archives
Re: address spoofing
From: Daniel Senie <dts () senie com>
Date: Thu, 22 Apr 1999 20:13:47 -0400
"Gary E. Miller" wrote:
> Yo Randy!
>
> On Thu, 22 Apr 1999, Randy Bush wrote:
>
> > deny ip 10.0.0.0 0.255.255.255 any (593 matches)
> > deny ip 172.16.0.0 0.15.255.255 any (201 matches)
> > deny ip 192.168.0.0 0.0.255.255 any (769 matches)
> > [...]
> > anyone have clues other than net slime and misconfigured nats?
>
> If you did a traceroute thru a router using a private address on one of its interfaces you could see this. That would be legit.
What RFC 1918 says is that you're supposed to ensure at border points that private addresses are not leaked. ISPs who insist on using RFC 1918 addresses on their routers should be responsible for filtering out any responses such routers make (e.g. traceroute packets) at their borders.

In reality, routers used in the ISP infrastructure are NOT good candidates for RFC 1918 addresses. My present upstream (@Home network) appears to use all of the RFC 1918 address blocks for their own use, and leaks them everywhere. Had I known this before signing a contract, they wouldn't have gotten my business.

An interesting passage from RFC 1918, a.k.a. BCP 5, is:

"Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links. Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. If such a router receives such information the rejection shall not be treated as a routing protocol error."

--
-----------------------------------------------------------------
Daniel Senie dts () senie com
Amaranth Networks Inc. http://www.amaranthnetworks.com
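
The filter quoted in this thread, worked through as an added example that is not part of the original post: the sketch parses the three `deny ip ... any` entries, converts each wildcard mask to the RFC 1918 prefix it covers, and evaluates constructed source addresses first-match. The function names, the sample addresses and the `permit` default (standing in for the part of the ACL elided with `[...]`) are assumptions.

```python
import ipaddress
import re

# The three ACL entries quoted in the post, match counters stripped.
ACL = """\
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
"""
RULE = re.compile(r"^(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+any$")

def parse_acl(text):
    """Parse 'ACTION ip ADDR WILDCARD any' lines into (action, base, wildcard) ints."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, base, wild = m.groups()
        rules.append((action, int(ipaddress.IPv4Address(base)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def as_prefix(base, wild):
    """Render a contiguous wildcard mask as CIDR; 1-bits in a wildcard are 'don't care'."""
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard mask")
    return f"{ipaddress.IPv4Address(base & ~wild & 0xFFFFFFFF)}/{32 - wild.bit_length()}"

def evaluate(rules, src, default="permit"):
    """First-match on source address. 'default' is an assumption standing in
    for the part of the ACL the post elides with '[...]'."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if s & care == base & care:
            return action
    return default

# Constructed source addresses: inside and just outside each private block.
SAMPLES = ["10.1.2.3", "172.31.255.254", "172.32.0.1", "172.15.255.255",
           "192.168.1.1", "192.0.2.10"]

if __name__ == "__main__":
    rules = parse_acl(ACL)
    print([as_prefix(b, w) for _, b, w in rules])
    for src in SAMPLES:
        print(f"{src:16} {evaluate(rules, src)}")
```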