North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RFC 1918
In article <[email protected]>, "Richard A. Steenbergen" <[email protected]> wrote: > I still have not seen a single compelling arguement which says you gain > one bit more security by filtering RFC1918-source'd packets. It is useless > at best, and disruptive at worst. No correct configuration will send me packets with a source address from RFC 1918 space. In a correct world, such filters will have no effect. Only packets from the incorrect world will be hit by these filters. As a matter of network policy, I do not wish to speak to incorrect hosts, whatever their intentions. If being unable to connect to MSRL hosts causes people to fix their incorrect configurations, I am pleased. If it causes them to be upset, I am indifferent. The smoothly running Internet is the set of standards-compliant hosts. We must guard against incorrectness with a steady, ruthless, automated hand. -- Shields.
|