On 13-Nov-2007, at 10:08, Drew Weaver wrote:
Hi there, I just had a real quick question. I hope this is
found to be on topic.
Is it to be expected to see rfc1918 src'd packets coming from
transit carriers?
You should not send packets with RFC1918 source or destination
They do. What you are seeing are probably forged packets. Nmap etc. all let
you forge SIP, in fact they automate it. One Nmap mode actually actively
obfuscates network scans by doing random SIPs--e.g. 10,000 random SIPs and one
real one--this makes it hard to figure out who is actually
On Tue, 13 Nov 2007, Drew Weaver wrote:
Hi there, I just had a real quick question. I hope this is found to be
on topic.
Is it to be expected to see rfc1918 src'd packets coming from transit
carriers?
I would recommend grilling your carriers to find out why they're not
dropping packets
Hi there, I just had a real quick question. I hope this is found to
be on topic.
Is it to be expected to see rfc1918 src'd packets coming from transit
carriers?
We have filters in place on our edge (obviously) but should we be seeing
traffic from 192.168.0.0 and 10.0.0.0 et
From [EMAIL PROTECTED] Tue Nov 13 09:12:04 2007
Cc: nanog@merit.edu nanog@merit.edu
From: Joe Abley [EMAIL PROTECTED]
To: Drew Weaver [EMAIL PROTECTED]
Subject: Re: General question on rfc1918
Date: Tue, 13 Nov 2007 10:10:26 -0500
On 13-Nov-2007, at 10:08, Drew Weaver wrote
On 13-Nov-2007, at 10:35, Robert Bonomi wrote:
On 13-Nov-2007, at 10:08, Drew Weaver wrote:
Hi there, I just had a real quick question. I hope this is
found to be on topic.
Is it to be expected to see rfc1918 src'd packets coming from
transit carriers?
You should not send packets
On Tue, 13 Nov 2007, Drew Weaver wrote:
Hi there, I just had a real quick question. I hope this is found to be
on topic.
Is it to be expected to see rfc1918 src'd packets coming from transit
carriers?
I would recommend grilling your carriers to find out why they're not
dropping packets
On Tue, 13 Nov 2007, Drew Weaver wrote:
Is it to be expected to see rfc1918 src'd packets coming from transit carriers?
Yes. Any ISP which uses RFC1918 on internal links may generate
various ICMP error packets (e.g. traceroute/TTL expire, PMTU
discovery/Fragmentation required, etc) from
Joe Abley (jabley) writes:
You drop the packet at your border before it is sent out to the Internet.
This is why numbering interfaces in the data path of non-internal traffic is
a bad idea.
Unfortunately many providers have the bad habit of using RFC1918
for