North American Network Operators Group


Re: Cisco says attacks are due to operational practices

  • From: Marc Slemko
  • Date: Thu Feb 10 22:21:23 2000

On Thu, 10 Feb 2000, Richard Steenbergen wrote:

> Filtering traffic sourced from 1918 space is also stupid. There is
> absolutely nothing wrong with this traffic. There is something wrong with

Nothing wrong with it?  It is private address space.  It should not be
sent across the Internet.  If you are sending traffic sourced from those
IPs and expecting it to get through to arbitrary destinations, then that
is your problem, not the problem of the person filtering it.  Sure, if
within a certain set of cooperating networks you wish to agree about
certain policies for such traffic then that is fine; that isn't the public
Internet.

There are a huge number of legitimate reasons to filter traffic from 1918
space, such as using those addresses internally.  That is why they are
private addresses and why you must not expect anyone to pass traffic that
you send from such addresses and why you shouldn't send such traffic.

Anyone who uses 1918 space for router links where there is a drop in MTU
that can result in an ICMP can't fragment being sent from a 1918 address
over the Internet has a broken setup that will cause problems, even if you
don't hear about them.  Generating such packets in other things, such as
traceroutes, is not great either but doesn't actually break things in the
same way.
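
Added example, not part of the original message: a small simulation of the failure described in the last paragraph, where a border filter that drops RFC 1918 sources also discards the ICMP can't-fragment message a router on a 1918-numbered link sends. The filter function, the sample addresses and the packets are constructed for illustration; the ICMP field layout assumed is the standard destination-unreachable header with a next-hop MTU field.

```python
import ipaddress
import struct

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_ipv4(src, dst, proto, payload=b""):
    """Minimal IPv4 packet for the demo (constructed input, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload

def build_icmp(icmp_type, code, next_hop_mtu=0):
    """ICMP header: type, code, checksum, unused, next-hop MTU."""
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, next_hop_mtu)

def border_filter(packet):
    """Hypothetical ingress filter: drop RFC 1918 sources, report what is lost."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    if not any(src in net for net in RFC1918):
        return ("pass", "public source")
    if proto == 1 and len(packet) >= ihl + 8:
        icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
        if icmp_type == 3 and code == 4:  # destination unreachable, can't fragment
            return ("drop", f"can't-fragment from {src} lost, MTU {mtu} never learned")
    return ("drop", f"RFC 1918 source {src}")

def demo():
    """Run three constructed packets through the filter."""
    packets = [
        build_ipv4("198.51.100.7", "192.0.2.10", 6),                      # public TCP
        build_ipv4("10.1.1.1", "192.0.2.10", 1, build_icmp(3, 4, 1400)),  # router link
        build_ipv4("172.16.5.9", "192.0.2.10", 1, build_icmp(11, 0)),     # traceroute hop
    ]
    return [border_filter(p) for p in packets]

if __name__ == "__main__":
    for action, note in demo():
        print(action, "-", note)
```

The second packet is the one that breaks things: the sender keeps transmitting full-size packets because the message telling it to use a smaller MTU never arrives, while the dropped traceroute reply in the third case only costs a hop in the output.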