Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:

10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.

You don't run packet sniffers on your hosts much, do you? ;-)

Does your ISP filter egress packets on your interface? No, neither
does mine ;-) (and in this case I control the border routing so I
know it for sure)

Most competent ISPs will filter customer interfaces to prevent bogons,
and some will filter public peering ports for bogons, but even with
both of those a surprising number of 10.x packets make their way to
our hosts.

Belt-and-suspenders: Even if it's unlikely for a 10.x packet to reach
the host, why should I trust it?
I've never had an ISP/hoster block bogons, but I've never let them in.
It's part of the first rules in ipf/pf/iptables/router/$FW (and in both
directions, so my networks never send packets with bogon IPs to the
internet). If you don't partition the network correctly, you'll have a
lot of problems trying to deal with such annoyances.
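The ruleset the last reply describes, bogon filtering at the border in both directions, as an added shell example that is not from the thread or from any of its posters. The interface name eth0, the static prefix list and the helper names (ip2int, in_cidr, is_bogon, bogon_rules) are assumptions. The script prints the iptables commands instead of executing them so the ruleset can be reviewed first, and is_bogon can be used on its own against source addresses seen in a sniffer.

```shell
#!/bin/sh
# Added example, not from the thread: drop bogon-sourced packets arriving on
# the border interface and bogon-addressed packets leaving through it.
# The prefix list, interface name and helper names are assumptions.

# RFC 1918 plus the other never-routable IPv4 blocks. This is a static list,
# not a full bogon feed. Note that 224.0.0.0/3 also covers 255.255.255.255:
# if the border interface needs multicast or DHCP, exempt those first.
BOGONS="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 \
198.51.100.0/24 203.0.113.0/24 224.0.0.0/3"

# ip2int DOTTED -> the address as a 32-bit integer on stdout
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/LEN -> exit status 0 when ADDR lies inside NET/LEN
in_cidr() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    len=${2#*/}
    # 4294967295 is 0xFFFFFFFF; shift then mask back to 32 bits
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# is_bogon ADDR -> exit status 0 when ADDR falls in any bogon prefix
is_bogon() {
    for p in $BOGONS; do
        in_cidr "$1" "$p" && return 0
    done
    return 1
}

# bogon_rules IFACE -> print (do not execute) the iptables commands for a
# Linux border host whose internet-facing interface is IFACE. Pipe the
# output to sh as root once you have read it.
bogon_rules() {
    wan=$1
    for p in $BOGONS; do
        # Ingress: no legitimate internet host has one of these sources.
        echo "iptables -A INPUT   -i $wan -s $p -j DROP"
        echo "iptables -A FORWARD -i $wan -s $p -j DROP"
        # Egress: never answer a spoofed bogon source or route private
        # space out to the world. Matched on destination, not source,
        # because the filter table sees the pre-SNAT source and a source
        # match would drop every NATed flow from a 10.x LAN.
        echo "iptables -A OUTPUT  -o $wan -d $p -j DROP"
        echo "iptables -A FORWARD -o $wan -d $p -j DROP"
    done
}

# Stand-alone usage: classify a few constructed addresses, then print the
# ruleset for eth0.
for a in 10.1.2.3 8.8.8.8 192.168.0.1; do
    if is_bogon "$a"; then echo "$a: bogon"; else echo "$a: routable"; fi
done
bogon_rules eth0
```

The egress half drops packets addressed to bogon space rather than packets sourced from it; on a legacy iptables NAT box the filter chains run before SNAT, so a source-based egress rule there would discard the LAN's own translated traffic. A host that sends with a private source and no NAT in front of it still leaks, which is the partitioning problem the reply above alludes to.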