North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: address spoofing

  • From: sthaug
  • Date: Fri Apr 23 18:00:11 1999

> means that packets with source addresses from RFC 1918 space should not be
> permitted on the global internet.   While I agree that RFC 1918 addresses
> should not be used on internet visible interfaces, I'm unaware of anywhere
> in the RFC's where it says that "routers should be configured to reject
> packets coming from RFC 1918 space."

As others have pointed out, there are indeed RFC sections which seem to
imply that packets coming from RFC 1918 space should not be visible on
the global Internet.

Furthermore, whether the RFC says so or not, I'm going to block these
packets at *my* border routers, because:

- I have absolutely *no* idea of where these packets might be coming
- and I have no possibility of generating sensible replies to packets
with RFC 1918 source addresses.

Steinar Haug, Nethelp consulting, [email protected]