nanog mailing list archives

Re: RFC1918 addresses to permit in for VPN?


From: John Fraizer <nanog () EnterZone Net>
Date: Fri, 29 Dec 2000 12:50:43 -0500 (EST)




Block traffic sourced from 1918 space at the borders like all good
providers should do and it looks more like this:

11  transit1-pos10-3.ilford.ukcore.bt.net (194.74.16.245)  105.436 ms 104.467 ms  110.371 ms
12  core2-gig3-0.ilford.ukcore.bt.net (194.74.16.111)  109.295 ms  105.359 ms  107.466 ms
13  core2-pos10-0.bletchley.ukcore.bt.net (62.6.196.221)  107.255 ms 107.344 ms  109.345 ms
14  vhsaccess1-pos8-0.bletchley.fixed.bt.net (62.6.197.138)  107.308 ms 105.954 ms  111.282 ms
15  213.120.207.222 (213.120.207.222)  107.333 ms  106.454 ms  105.460 ms
16  * * *
17  * * *
18  213.120.62.61 (213.120.62.61)  106.933 ms  109.007 ms  111.363 ms
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *



---
John Fraizer
EnterZone, Inc



On Fri, 29 Dec 2000, Andrew Brown wrote:


speaking of rfc1918 addresses...one of my machines at home got poked
at, so i did the usual thing which was perhaps waste about five
minutes poking back from some place else if i feel like it.  what i
saw piqued my interest:

% traceroute -f12 213.123.76.29
traceroute to 213.123.76.29 (213.123.76.29), 30 hops max, 40 byte packets
12  core1-pos10-0.bletchley.ukcore.bt.net (62.6.196.217)  349.804 ms  391.793 ms  354.819 ms
13  vhsaccess1-pos7-0.bletchley.fixed.bt.net (62.6.197.134)  472.775 ms  413.810 ms  429.770 ms
14  213.120.207.218 (213.120.207.218)  288.801 ms  285.806 ms  376.831 ms
15  172.16.93.125 (172.16.93.125)  348.788 ms  383.831 ms  274.826 ms
16  172.16.93.49 (172.16.93.49)  284.805 ms  426.828 ms  869.717 ms
17  172.16.93.37 (172.16.93.37)  243.793 ms  386.818 ms  394.838 ms
18  172.16.93.1 (172.16.93.1)  399.757 ms  281.851 ms  324.813 ms
19  192.168.250.17 (192.168.250.17)  279.814 ms  315.717 ms  241.842 ms
20  213.123.76.29 (213.123.76.29) 241.812 ms  247.859 ms  193.838 ms

now i've seen people using 10.x.x.x addresses for the endpoints of the
occasional serial link, but this makes it look like most of british
telecom's backbone uses private addressing.  i wonder what would
happen to them if someone were to leak a route into them for those
addresses?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."
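
An added example, not part of either message in this thread: a small Python check that picks the RFC 1918 hops out of the traceroute quoted above and models what the same path looks like once packets sourced from private space are dropped at the border. The function names are made up for this illustration, and the filter is a simplified model in which every reply sourced from RFC 1918 space is lost.

```python
import ipaddress
import re

# The three RFC 1918 blocks; ipaddress.is_private is broader, so list them explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches hop lines such as "15  172.16.93.125 (172.16.93.125)  348.788 ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Hop lines copied from the traceroute quoted in the post.
SAMPLE = """\
12  core1-pos10-0.bletchley.ukcore.bt.net (62.6.196.217)  349.804 ms  391.793 ms  354.819 ms
13  vhsaccess1-pos7-0.bletchley.fixed.bt.net (62.6.197.134)  472.775 ms  413.810 ms  429.770 ms
14  213.120.207.218 (213.120.207.218)  288.801 ms  285.806 ms  376.831 ms
15  172.16.93.125 (172.16.93.125)  348.788 ms  383.831 ms  274.826 ms
16  172.16.93.49 (172.16.93.49)  284.805 ms  426.828 ms  869.717 ms
17  172.16.93.37 (172.16.93.37)  243.793 ms  386.818 ms  394.838 ms
18  172.16.93.1 (172.16.93.1)  399.757 ms  281.851 ms  324.813 ms
19  192.168.250.17 (192.168.250.17)  279.814 ms  315.717 ms  241.842 ms
20  213.123.76.29 (213.123.76.29) 241.812 ms  247.859 ms  193.838 ms
"""

def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_hops(text):
    """Return [(hop_number, responder_ip)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def rfc1918_hops(text):
    """Hops whose reply was sourced from private address space."""
    return [(n, ip) for n, ip in parse_hops(text) if is_rfc1918(ip)]

def view_behind_border_filter(text):
    """Model a border filter that drops packets sourced from RFC 1918 space:
    replies from those hops never arrive, so the hop shows as '* * *'."""
    return [f"{n}  * * *" if is_rfc1918(ip) else f"{n}  {ip}"
            for n, ip in parse_hops(text)]

if __name__ == "__main__":
    for n, ip in rfc1918_hops(SAMPLE):
        print(f"hop {n}: {ip} is RFC 1918 space")
    print("\n".join(view_behind_border_filter(SAMPLE)))
```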





