Re: address spoofing

[alex () nac net]

On Sun, 25 Apr 1999, Phil Howard wrote:

> Greg A. Woods wrote:
>
> > my upstream provider to use RFC1918 on inter-router links, but they do
> > anyway.  I'd like them to filter those addresses too, but they won't.
>
> I do agree they should be filtered out.
>
> At what point should we draw the line and say who can, and who cannot,
> use RFC1918 addresses on links?  My first thought would be any link over
> which traffic from more than one AS transits, or between AS's, should
> always be fully routable.  Any better ideas?

Somewhere along the lines of this thread, the point has been lost (IMHO).

If a provider uses 1918 addresses on internal links, who cares? And when
you say 'filter' them, do you mean filter them in routing announcements,
or filter any traffic to/from that ips?

If the former, than thats good, you should do that; it should be part of
your martian filters. If the latter, thats fine too, but traceroutes will
'*' on those hops.

But, once again, who cares? Conservation of IP space is good at worst.


> > won't be using precious unique IPs and feel the pressure to use RFC1918
> > numbers instead).  I'm certainly no expert at this, but from the outside
> > I've seen it done quite successfully.  It sure cuts down on the hop
> > count visible from traceroute too!

Using 1918 space will have no bearing on hop count or visibility of the
hop. Thats rediculous.




-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
     Atheism is a non-prophet organization. I route, therefore I am.
       Alex Rubenstein, alex () nac net, KC2BUO, ISP/C Charter Member
               Father of the Network and Head Bottle-Washer
     Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
 Don't choose a spineless ISP; we have more backbone!  http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --