North American Network Operators Group


Re: RFC 1918

  • From: Richard A. Steenbergen
  • Date: Tue Jul 18 20:27:49 2000

On Tue, 18 Jul 2000, Eric A. Hall wrote:

> "Richard A. Steenbergen" wrote:
> >
> > On Mon, 17 Jul 2000, Eric A. Hall wrote:
> >
> > > When ISPs choose to mark their packets with Internet-illegal
> > > addresses, they are contributing to these problems. Sorry, but
> > > you're not supposed to be using these addresses anyway.
> >
> > This is utterly stupid. You can use these addresses any way you see
> > fit, you can source packets from them if you'd like, and they are as
> > valid as any other address to use and be "on the internet".
>
> What's dumber?
>
>  a) Filtering illegal packets from entering your network because
>     they use your internal address range, because they are classed
>     unroutable and should never appear on that interface, or both

Unroutable means you can't reach where the packets came from, not that the
packets can't reach you. Just because you can't reply doesn't mean someone
shouldn't be allowed to send you an informative piece of information, like
a traceroute ttl-exceed.
 
>  b) Sending packets that you KNOW will be dropped or filtered by
>     a good portion of their intended recipients.
 
This is not true. For the people like you who think they need to filter
it, you've accomplished your goal. For the rest of the world, they simply
do not care.
 
Obviously it's not preferred by anyone to have RFC1918 sourced packets out
there, mainly because they're not all that useful. But IMHO your belief
that these are "Illegal bad wrong packets which should never appear on
that interface" is incorrect.

As for the DoS issue, as I explained to someone in private email, there
are three distinctions you can break a filter into:

1) It provides security
2) It stops an attack 
3) It reduces an attack

RFC1918 filters obviously do not provide security.
RFC1918 filters obviously do not "stop" any attacks outright.
RFC1918 filters reduce the impact of attacks which can spoof by 3.19%

I really don't see why you're wasting your time on it. Actually I really
don't see why we're wasting our time arguing, this thread has long
outlived its usefulness. But IMHO the RFC1918-nazi is not needed. :P

-- 
Richard A Steenbergen <[email protected]>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)