nanog mailing list archives

Re: RFC 1918


From: "Richard A. Steenbergen" <ras () e-gerbil net>
Date: Fri, 14 Jul 2000 23:54:11 -0400 (EDT)


On Fri, 14 Jul 2000, Rick wrote:

> Richard I think you MISS two points which are at the center of this thread.
> First every sub-hacker (ie, those who do NOT write their own source) will
> usually use RFC1918 for any type of DOS attack as it is the recommended source
> of attack (if you do not agree with this then this thread is pointless).

I absolutely do not agree with this. I have never seen this behavior yet,
know of no hackers who would bother, and they gain nothing from it. If
they can spoof the attack effectively, they'll either do it random
sourced, pick an IP out of their err head, or pick an IP they know,
perhaps someone they don't like.

> Second as others have pointed out the RFC1918 was created with the primary
> purpose to not only help limit the allocation of globally routable IP's but
> also limit the amount of traffic on the Internet as a whole. By applying
> filters at the border routers it helps to reinforce these standards.  IMHO

That's utterly ridiculous. A single non-connection oriented response which
cannot generate more responses leaving the 1918 restricted space will have
no impact on traffic levels. I'm also surprised by the number of people
who live in the dream world that all networks are as small and easily
filterable as theirs. Don't even attempt to complain about a backbone
provider carrying 1918-sourced traffic.

The only real reason to filter 1918 space is if you are afraid there will
be an IP conflict between something you have numbered in your 1918 space,
and the responses which could be generated by someone else's 1918 space
(for example, a dest unreachable coming from someone's 1918 P-t-P sourced
to something you have an IP for as well).

-- 
Richard A Steenbergen <ras () e-gerbil net>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)



