North American Network Operators Group


Re: Who does source address validation? (was Re: what's that smell?)

  • From: Barb Dijker
  • Date: Tue Oct 08 19:28:18 2002

At 10:34 PM 10/8/02 +0100, Stephen J. Wilcox wrote:
> Not all IP packets require a return, indeed only TCP requires it. It is quite
> possible to send data over the internet on UDP or ICMP with RFC1918 source
> addresses and for there to be no issue. Examples of this might be ICMP fragments
> or UDP syslog which although shouldn't according to RFC1918 be on these source
> addresses might be and if you block these on major backbone routes you may break
> something.

No. Filtering RFC1918 doesn't break anything. It merely shows you what was already broken and you didn't know it. If you have a box that is putting an RFC1918 source address in its packets destined for external nets, and it doesn't get NAT'd, your net config is broken.

...Barb
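
An audit pass for the situation discussed in this message, as an added example that is not part of the original post: it scans flow records taken on an egress interface and reports hosts sending RFC 1918 source addresses toward non-private destinations, which is the traffic an egress filter would drop. The flow-line format, function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def leaked_sources(flow_lines):
    """Count flows per (src, proto, dport) that left the border un-NAT'd.

    A flow is a leak when its source is RFC 1918 and its destination is not,
    i.e. exactly the traffic an egress filter would drop.
    """
    leaks = Counter()
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, src, dst, dport = line.split()
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks[(src, proto, int(dport))] += 1
    return leaks

# Constructed sample: "proto src dst dport" as seen on an egress interface.
# External destinations use documentation ranges (RFC 5737).
SAMPLE_FLOWS = """\
# proto src dst dport
udp 10.1.4.20 192.0.2.10 514
udp 10.1.4.20 192.0.2.10 514
icmp 192.168.7.3 198.51.100.8 0
tcp 203.0.113.5 192.0.2.80 443
udp 10.1.4.20 10.9.9.9 514
udp 172.32.0.1 192.0.2.10 53
""".splitlines()

if __name__ == "__main__":
    for (src, proto, dport), n in leaked_sources(SAMPLE_FLOWS).most_common():
        print(f"{src} {proto}/{dport}: {n} flow(s) with un-NAT'd private source")
```

The sample includes 172.32.0.1, which sits just outside 172.16.0.0/12 and is correctly not flagged, and a private-to-private syslog flow, which never crosses the border and is not a leak.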