North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RFC 1918 addresses

  • From: Paul A Vixie
  • Date: Sat May 31 19:32:33 1997

I think that any exposure of these addresses outside their addressing realm
is a mistake.  Using them for otherwise unnumbered serial links would be fine
if Cisco had an option to "use loopback address when sending ICMP's" but they
don't.  Traceroute is sending increasing-TTL'd UDP datagrams, and if you are
seeing a 10.0.0.2 source address on an router's ICMP to you it means you would
get that as a normal ICMP too -- meaning not just one due to a diagnostic like
Traceroute.  I think this is an error.

Exposing an RFC 1918 private address in, say, a "Received:" header in e-mail
is less of a problem, though the spammers who do it are actually better able
to cover their origins, there's no way to prevent it and no normal damage 
from doing it.

No IP datagram with an RFC 1918 address in the protocol headers should be
allowed outside a private addressing realm.  This means not the source
address, not the destination address, and not the encapsulated addresses
inside an ICMP payload.