nanog mailing list archives
Re: private ip addresses from ISP
From: sthaug () nethelp no
Date: Tue, 23 May 2006 19:38:20 +0200 (CEST)
Filtering every last 1918 sourced packet you receive because it might have a DoS is like filtering all ICMP because people can ping flood. If you want to rate limit it, that is reasonable. If you want to restrict it to ICMP responses only, that is also reasonable. If on the other hand you are determined to filter every 1918 sourced packets between AS boundries (including ttl exceed, mtu exceed, and dest unreachable) because an RFC told you you "should", you are actually doing your customers a disservice.
Well, some of us happen to disagree. I have been very happy to see that both at my previous and at my present employer (large SPs by Norwegian standards), all 1918 traffic is filtered at the borders. We have never had any trouble from customers because of this, and we certainly intend to keep the filters. And yes, we have had these filters in place for several years... Steinar Haug, Nethelp consulting, sthaug () nethelp no
Current thread:
- private ip addresses from ISP adrian kok (May 17)
- RE: private ip addresses from ISP Ivan Groenewald (May 17)
- RIPE IP Anti-Spoofing Task Force (Was: private ip addresses from ISP) Jeroen Massar (May 17)
- RE: private ip addresses from ISP David Schwartz (May 17)
- <Possible follow-ups>
- RE: private ip addresses from ISP Andrew Kirch (May 22)
- Re: private ip addresses from ISP Hyunseog Ryu (May 22)
- Re: private ip addresses from ISP Richard A Steenbergen (May 23)
- Re: private ip addresses from ISP Edward B. DREGER (May 23)
- Re: private ip addresses from ISP Patrick W. Gilmore (May 23)
- Re: private ip addresses from ISP Richard A Steenbergen (May 23)
- Re: private ip addresses from ISP sthaug (May 23)
- Re: private ip addresses from ISP Patrick W. Gilmore (May 23)
- RE: private ip addresses from ISP Ivan Groenewald (May 17)
- Re: private ip addresses from ISP Daniel Senie (May 23)
- RE: private ip addresses from ISP Frank Bulk (May 23)
- Re: private ip addresses from ISP Joe Maimon (May 23)
- RE: private ip addresses from ISP Brian Johnson (May 23)
- Re: private ip addresses from ISP Joe Maimon (May 23)
- Re: private ip addresses from ISP Joseph S D Yao (May 23)