nanog mailing list archives

Re: address spoofing

From: Alex Bligh <amb () gxn net>
Date: Thu, 22 Apr 1999 23:47:29 +0200

anyone have clues other than net slime and misconfigured nats?


Possibly users behind your filters are tracerouting through
somewhere which has PtP links configured in RFC1918 space,
and you are seeing ICMP TTL exceeded back from these addresses.
Some people allege configuring publicly visible PtPs to RFC1918
addresses is not bad practice. YMMV.

If you really want to know what they are, policy route them
to a spare ethernet port back to backed with a box running
tcpdump. But then you knew that already.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)

Current thread:

Re: address spoofing, (continued)
- - - Re: address spoofing Forrest W. Christian (Apr 23)
    - Re: address spoofing sthaug (Apr 23)
    - Re: address spoofing John Leong (Apr 23)
    - Re: address spoofing Daniel Senie (Apr 23)
    - Re: address spoofing bmanning (Apr 23)
    - Re: address spoofing Andrew Brown (Apr 23)
    - Re: address spoofing Randy Bush (Apr 23)
    - Re: address spoofing Dan Hollis (Apr 23)
    - Re: address spoofing sthaug (Apr 23)
    - Re: address spoofing Greg A. Woods (Apr 23)
- Re: address spoofing Alex Bligh (Apr 22)
  - Re: address spoofing Phil Howard (Apr 22)
    - Re: address spoofing Greg A. Woods (Apr 23)
    - Re: address spoofing Phillip Vandry (Apr 23)
    - Re: address spoofing Greg A. Woods (Apr 23)
    - Re: address spoofing Phil Howard (Apr 23)
    - Re: address spoofing Bryan Bradsby (Apr 23)
    - Re: address spoofing Phil Howard (Apr 23)
    - Re: address spoofing Andrew Brown (Apr 23)
    - Re: address spoofing Phil Howard (Apr 25)
    - Re: address spoofing sthaug (Apr 25)

(Thread continues...)