North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: rfc 1918?
On Fri, Feb 23, 2001 at 12:32:11AM +0200, Ariel Biener wrote: > > On Thu, 22 Feb 2001, Greg A. Woods wrote: > > > This gets us back to the discussin we had here about 3-4 months ago > about what should be done in order to create a friendly internet > environment, that is, where every Internet connected entity actually > gives a damn about everyone else. We go through this every couple months, and the same conclusion is reached every time. The psycho paranoid people like Greg Woods and Eric Hall scream that any RFC1918 sourced packet on the internet is a sign of the apocalypse, and you must apply packet filters to stop them from going out and coming in. Most everyone else just doesn't care, and realizes that yes it's a packet you won't be able to reply to but the world will not end if a few of them are floating around on the internet. There is far worse traffic floating about then an RFC1918 packet because of someone's misconfigured NAT, and they will probably proceed to FIX IT when they can't communicate with the rest of the world through it. Yes sometimes there IS communication from sources where we DO NOT want a reply back, like the ICMP messages generated by a router. It might be a better practice to simply put them in a section of allocated but unannounced IP space to avoid the 1918-nazi's, but thats another story. If you have your own 1918 space and you are worried that there might be some mysterious conflict, then by all means filter them from your ingress connection the same way you should filter ALL packets sourced from your ip space. Now can we please let it go? -- Richard A Steenbergen <[email protected]> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)