Re: rfc 1918?

[Ariel Biener <ariel () fireball tau ac il>]

On Thu, 22 Feb 2001, Greg A. Woods wrote:


This gets us back to the discussin we had here about 3-4 months ago about
what should be done in order to create a friendly internet environment,
that is, where every Internet connected entity actually gives a damn about
everyone else.

--Ariel
> > > > You're not crazy, and UUNet should be filtering them.
>
> No Chris, you're not crazy...
>
> > > There are good reasons to want to get those packets (traceroutes from
> > > people who have numbered their networks in rfc1918 networks,
>
> No John, there are exactly zero reasons, good or otherwise, for allowing
> any traffic with RFC-1918 source addresses to traverse any part of the
> public Internet.Period!  :-)
>
> [ On Thursday, February 22, 2001 at 13:22:27 (-0800), Eric A. Hall wrote: ]
> > Subject: Re: rfc 1918?
> >
> > That's not a good reason. Nobody should be generating public traffic from
> > those addresses, "making them work" is not an Internet-friendly decision.
>
> Precisely.
>
> The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
> source they get filtered, *and* the quicker that *EVERYONE* introduces
> such filters), then the sooner (i.e. the quicker) the people (and that's
> the politely and politically correct way of speaking of them) who think
> they can use private addresses inpublic networks will hopefully get
> clue-by-4'ed into changing their errant ways.
>
> Now if only I could find some magic way to let all those trigger happy
> people running lame IDS to complain to the true source of such packets.
> If the relatively few complaints I see from such people when accidental
> ftp or http connections are attempted to their workstations are any
> indication, then the mere volume of complaints alone would probably be
> sufficient reason for anyone to stop using RFC-1918 addressing.Too bad
> the Internet's not just one big large bridged Ethernet and then we could
> just look up the MAC address (on our border bridges, of course) of any
> offender and then go beat them over the head directly with the magnled
> packets!:-)
>
> Thankfully there are now devices that can do such filtering effectively
> even at very high core speeds....Now we only have to convince the
> manufacturers of such devices to supply them with default configurations
> that do such filtering (and not to make the stupidmistake that they
> need to leave their factory configurations as if they will only ever
> live in a lab environment)!
>
> --
>                                                       Greg A. Woods
>
> +1 416 218-0098    VE3TCP      <gwoods () acm org>      <robohack!woods>
> Planix, Inc. <woods () planix com>;Secrets of the Weird <woods () weird com>

--
Ariel Biener
e-mail: ariel () post tau ac il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html