> On Jun 20, 2008, at 11:49 AM, John Hardin wrote: > >10.x is (supposedly) not routable on the public internet. If you see > >10.x (or other RFC-1918) traffic coming in from the world, your ISP > >is broken.
On 20.06.08 11:57, Jo Rhett wrote: > Does your ISP filter egress packets on your interface? No, neither > does mine ;-) (and in this case I control the border routing so I > know it for sure) > > Most competent ISPs will filter customer interfaces to prevent bogons, > and some will filter public peering ports for bogons, but even with > both of those a surprising number of 10.x packets make their way to > our hosts. > belt-and-suspenders: Even if it's unlikely for a 10.x packet to reach > the host, why should I trust it? it one packet reaches your host, nothing happends. Fot the TCP/SMTP connections to be opened, (at least) three packets must be sent, in both directions. If you can trace to 10.x address that is not part of your network, it's a problem. Solve this problem by configuring of your network, firewalls, asking your ISP to do the same. Do not try to solve this problem at SA level. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have.