nanog mailing list archives
Re: RFC 1918
From: Michael Shields <shields () msrl com>
Date: 15 Jul 2000 04:59:37 +0000
In article <Pine.BSF.4.21.0007141956280.95155-100000 () overlord e-gerbil net>, "Richard A. Steenbergen" <ras () e-gerbil net> wrote:
I still have not seen a single compelling arguement which says you gain one bit more security by filtering RFC1918-source'd packets. It is useless at best, and disruptive at worst.
No correct configuration will send me packets with a source address from RFC 1918 space. In a correct world, such filters will have no effect. Only packets from the incorrect world will be hit by these filters. As a matter of network policy, I do not wish to speak to incorrect hosts, whatever their intentions. If being unable to connect to MSRL hosts causes people to fix their incorrect configurations, I am pleased. If it causes them to be upset, I am indifferent. The smoothly running Internet is the set of standards-compliant hosts. We must guard against incorrectness with a steady, ruthless, automated hand. -- Shields.
Current thread:
- Re: RFC 1918, (continued)
- Re: RFC 1918 Todd R. Stroup (Jul 14)
- Re: RFC 1918 John Fraizer (Jul 15)
- Re: RFC 1918 Bill Fumerola (Jul 15)
- Re: RFC 1918 Todd R. Stroup (Jul 14)
- Re: RFC 1918 Eric A. Hall (Jul 14)
- Re: RFC 1918 Rick (Jul 14)
- Re: RFC 1918 Richard A. Steenbergen (Jul 14)
- Re: RFC 1918 Dan Hollis (Jul 14)
- Re: RFC 1918 Greg A. Woods (Jul 16)
- Re: RFC 1918 Greg A. Woods (Jul 16)
- Re: RFC 1918 John Fraizer (Jul 17)
- Re: RFC 1918 Stephen Kowalchuk (Jul 17)
- Re: RFC 1918 ww (Jul 17)
- Re: RFC 1918 Eric A. Hall (Jul 17)
- Re: RFC 1918 ww (Jul 17)
- Re: RFC 1918 Scott McGrath (Jul 18)
- Re: RFC 1918 Stephen Kowalchuk (Jul 17)