|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: address spoofing
> anyone have clues other than net slime and misconfigured nats? Possibly users behind your filters are tracerouting through somewhere which has PtP links configured in RFC1918 space, and you are seeing ICMP TTL exceeded back from these addresses. Some people allege configuring publicly visible PtPs to RFC1918 addresses is not bad practice. YMMV. If you really want to know what they are, policy route them to a spare ethernet port back to backed with a box running tcpdump. But then you knew that already. -- Alex Bligh GX Networks (formerly Xara Networks)
|