|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: address spoofing
[ On Friday, April 23, 1999 at 00:59:06 (-0500), Phil Howard wrote: ] > Subject: Re: address spoofing > > My outbound access lists block it, so you should never see 1918 > sources coming from me. You should see "* * *" instead, even > if you don't block them coming in to your net. I think this sucks big-time. It wouldn't be quite so bad if traceroute were the only thing that were broken by it (though I do like my traceroutes to work properly too), but when all ICMP traffic from such a router is hosed, and one of the links my packets are trying to hop onto through such a router is down, then I'm a particularly unhappy camper (if I could see the !H or !N I'd still be unhappy of course, but not throwing my arms up in disgust at the guy generating the * * *). Of course even an upstream provider from my own home network does this, depsite the fact I've chided and cajoled and otherwise bugged them to change it. Now in Phil's networks perhaps it is normally impossible for illegally formed host-unreachables to be generated even in the face of outages because hopefully he's got everything running fully redundant, but *I* see this kind of breakage from all kinds of places many times a day in the filter logs on my networks and those of my clients. There's also not really any difference between you blocking those packets on the way out, and me blocking them on the way in -- the end result is that all ICMP and whatever else from those routers is busted. Perhaps router vendors can figure out some way to ensure that all packets generated by a router get a unique, valid, non-RFC1918 number when they would otherwise have used an RFC1918 number. Maybe people who think they need to use RFC1918 should instead just hide all their internal crap in a big ATM or FR cloud. Then there's the crap I see in the filter logs on my HTTP transparent cache and proxy machines that seems to indicate people have publicly published URLs (perhaps with publicly visible DNS) that point at RFC1918 space..... Grrrrr. -- Greg A. Woods +1 416 218-0098 VE3TCP <[email protected]> <robohack!woods> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
|