North American Network Operators Group


Re: rfc 1918?

  • From: Greg A. Woods
  • Date: Thu Feb 22 18:56:55 2001

[ On Thursday, February 22, 2001 at 22:40:11 (+0000), Stephen J. Wilcox wrote: ]
> Subject: Re: rfc 1918?
>
> Altho Path MTU from RFC1918 P2P links will arrive and if you block them
> you'll find strange things occur on transferring data so you can't say
> nothing should come on 1918 space.

Even more reason to filter RFC-1918 src/dest addresses completely and
utterly.  Such broken implementations deserve to be cut off from the
public Internet as they cause nothing but problems.

Note that anyone using PRIVATE addresses within their own networks, and
with an even half decent security policy, is forced to filter all such
junk at their borders anyway, so they could never "win" with such broken
implementations.

I.e. the only "fair" thing to do is to filter all RFC-1918 addresses
early and often from all public Internet links.

> > > That's not a good reason. Nobody should be generating public traffic from
> > > those addresses, "making them work" is not an Internet-friendly decision.
> 
> I agree, altho a lot of people do use 1918 for their p2p.

That's not necessarily quite the same issue, so long as no packets ever
traverse the rest of the public Internet with RFC-1918 source or
destination addresses.

(Un)Fortunately it's difficult, or even impossible in some cases, to
prevent packets with PRIVATE addresses from being generated and so it's
still extremely bad practice to use PRIVATE addresses for any point-to-
point links with transit PUBLIC traffic "in the raw" (i.e. not in a
tunnel that would have PUBLIC end-point addresses).

> > The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
> 
> until the previous item is fixed tho you'll break things if you do this.

Indeed -- but the sooner and more often such things are "broken", the
sooner they'll get fixed properly!

"Tough love", and "you've got to be good to be bad", etc., etc., etc....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
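As an added example, not part of the post above or of anything NANOG or the author published, here is a Python sketch of the border policy the post argues for: drop any packet with an RFC 1918 source or destination on a public link, and tag the ICMP "fragmentation needed" messages from private-addressed point-to-point links so the operator can see which peer is about to suffer a Path MTU black hole. The sample packets are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public addresses.

```python
import ipaddress

# The three RFC 1918 private blocks the post calls "PRIVATE" space.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample traffic seen on a public border link:
# (src, dst, proto, icmp_type, icmp_code)
SAMPLE_PACKETS = [
    ("203.0.113.10", "198.51.100.20", "tcp", None, None),  # ordinary public traffic
    ("10.1.2.3", "198.51.100.20", "tcp", None, None),      # leaked private source
    ("203.0.113.10", "192.168.5.5", "udp", None, None),    # private destination
    ("172.31.0.1", "198.51.100.20", "icmp", 3, 4),         # "frag needed" from a 1918 P2P link
]


def is_private(addr: str) -> bool:
    """True if addr falls inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def border_filter(packets):
    """Return a (verdict, reason) pair per packet.

    Anything with an RFC 1918 source or destination is dropped. ICMP type 3
    code 4 (fragmentation needed) from private space is still dropped, but
    tagged so the drop log points at the peer whose PMTUD will now fail.
    """
    results = []
    for src, dst, proto, itype, icode in packets:
        if not (is_private(src) or is_private(dst)):
            results.append(("accept", ""))
            continue
        reason = "rfc1918-src" if is_private(src) else "rfc1918-dst"
        if proto == "icmp" and (itype, icode) == (3, 4):
            reason += ",pmtud-collateral"
        results.append(("drop", reason))
    return results


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, border_filter(SAMPLE_PACKETS)):
        print(f"{pkt[0]:>15} -> {pkt[1]:<15} {verdict:6} {reason}")
```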