North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: address spoofing

  • From: Phil Howard
  • Date: Fri Apr 23 22:32:57 1999

Phillip Vandry wrote:

> > > My outbound access lists block it, so you should never see 1918
> > > sources coming from me.  You should see "* * *" instead, even
> > > if you don't block them coming in to your net.
> > 
> > I think this sucks big-time.  It wouldn't be quite so bad if traceroute
> > were the only thing that were broken by it (though I do like my
> > traceroutes to work properly too), but when all ICMP traffic from such a
> > router is hosed, and one of the links my packets are trying to hop onto
> > through such a router is down, then I'm a particularly unhappy camper
> > (if I could see the !H or !N I'd still be unhappy of course, but not
> 
> ...and I'd certainly like to see my ICMP unreachables which are vital to
> path MTU discovery not blocked.

Since the road doesn't narrow, this won't be a problem on these links.
This is taken into consideration when the addresses are assigned.  There
might be others doing this improperly.

-- 
Phil Howard           KA9WGN
[email protected] [email protected]