North American Network Operators Group

Re: rfc 1918?
On Thu, 22 Feb 2001, Greg A. Woods wrote:

This gets us back to the discussion we had here about 3-4 months ago about what should be done in order to create a friendly internet environment, that is, where every Internet connected entity actually gives a damn about everyone else.

--Ariel

>
> > > > You're not crazy, and UUNet should be filtering them.
>
> No Chris, you're not crazy...
>
> > > There are good reasons to want to get those packets (traceroutes from
> > > people who have numbered their networks in rfc1918 networks,
>
> No John, there are exactly zero reasons, good or otherwise, for allowing
> any traffic with RFC-1918 source addresses to traverse any part of the
> public Internet. Period! :-)
>
> [ On Thursday, February 22, 2001 at 13:22:27 (-0800), Eric A. Hall wrote: ]
> > Subject: Re: rfc 1918?
> >
> > That's not a good reason. Nobody should be generating public traffic from
> > those addresses, "making them work" is not an Internet-friendly decision.
>
> Precisely.
>
> The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
> source they get filtered, *and* the quicker that *EVERYONE* introduces
> such filters), then the sooner (i.e. the quicker) the people (and that's
> the politely and politically correct way of speaking of them) who think
> they can use private addresses in public networks will hopefully get
> clue-by-4'ed into changing their errant ways.
>
> Now if only I could find some magic way to let all those trigger happy
> people running lame IDS to complain to the true source of such packets.
> If the relatively few complaints I see from such people when accidental
> ftp or http connections are attempted to their workstations are any
> indication, then the mere volume of complaints alone would probably be
> sufficient reason for anyone to stop using RFC-1918 addressing. Too bad
> the Internet's not just one big large bridged Ethernet and then we could
> just look up the MAC address (on our border bridges, of course) of any
> offender and then go beat them over the head directly with the mangled
> packets! :-)
>
> Thankfully there are now devices that can do such filtering effectively
> even at very high core speeds.... Now we only have to convince the
> manufacturers of such devices to supply them with default configurations
> that do such filtering (and not to make the stupid mistake that they
> need to leave their factory configurations as if they will only ever
> live in a lab environment)!
>
> --
> Greg A. Woods
>
> +1 416 218-0098 VE3TCP <[email protected]> <robohack!woods>
> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
>

--
Ariel Biener
e-mail: [email protected]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
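Added example (not part of the original message or thread): a small Python model of the border filter the thread argues for. It drops any packet with an RFC 1918 source address that crosses an Internet-facing interface and counts drops per ingress interface, so a leak can be traced toward its source. The interface names and sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Exactly the three blocks RFC 1918 defines (narrower than ipaddress.is_private,
# which also covers loopback, link-local and other special ranges).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip.version == 4 and ip in net:
            return net
    return None

def border_filter(packets, external):
    """packets: (in_iface, out_iface, src, dst) tuples; external: set of
    interface names facing the public Internet (hypothetical naming).
    Returns (forwarded, dropped); dropped counts (in_iface, block) pairs."""
    forwarded, dropped = [], Counter()
    for pkt in packets:
        in_if, out_if, src, _dst = pkt
        block = rfc1918_block(src)
        crosses_border = in_if in external or out_if in external
        if block is not None and crosses_border:
            dropped[(in_if, str(block))] += 1   # private source on public path
        else:
            forwarded.append(pkt)               # public source, or purely internal
    return forwarded, dropped

# Constructed sample traffic; public addresses come from documentation ranges.
SAMPLE = [
    ("cust1", "upstream", "10.1.2.3", "198.51.100.7"),        # leaking outward
    ("cust1", "upstream", "192.0.2.10", "198.51.100.7"),      # legitimate
    ("upstream", "cust1", "192.168.0.5", "192.0.2.10"),       # arriving from outside
    ("cust2", "upstream", "172.31.255.255", "203.0.113.9"),   # last address in 172.16/12
    ("cust2", "upstream", "172.32.0.1", "203.0.113.9"),       # just outside 172.16/12
    ("cust1", "cust2", "10.1.2.3", "10.9.9.9"),               # never leaves the site
]

if __name__ == "__main__":
    fwd, drop = border_filter(SAMPLE, external={"upstream"})
    for (iface, block), n in sorted(drop.items()):
        print(f"dropped {n} packet(s) sourced from {block} arriving on {iface}")
    print(f"forwarded {len(fwd)} packet(s)")
```

The per-interface counts show which port the private-sourced traffic entered on, which is the closest point to the source at which the filter can be applied.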