nanog mailing list archives
Re: The power of default configurations
From: Sean Donelan <sean () donelan com>
Date: Sun, 10 Apr 2005 21:15:39 -0400 (EDT)
On Thu, 7 Apr 2005, Christopher L. Morrow wrote:
> not to 1) prolong the pain, 2) beat a horsey.. BUT, why are 1918 ips 'special' to any application? why are non-1918 ips 'special' in a different way?
Because they're 'special.'

But you are correct, there is nothing special about RFC1918 at the network. If people did proper source address validation they wouldn't send RFC1918 addresses along with a lot of other junk. RFC1918 are actually a very small amount of the junk packets, they are just easy for people like Paul to detect. It's just harder to detect the other mis-configured address ranges.

CYMRU bogons are pretty funny when you think about it, if the bad guys can spoof packets why would they spoof address ranges that are easy to filter? You want anti-spoofing of all addresses, not special address ranges.

The other side. A lot of software programmers and network architects and security consultants think RFC1918 addresses are special. This leads to a lot of mis-configured (or more precisely, never configured) software.

How can we make more software "safe by default?" Because relying on the user or sysadmin to make it safe isn't working. That includes safe default configurations that are conservative in what they send, such as doing RFC1918 lookups against root name servers. The original BIND from Berkeley included a "localhost" file, why not a "workgroup" file and an RFC1918 file?
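
Added example, not part of the original message or of BIND itself: a Python sketch of the "RFC1918 file" idea from the last paragraph. It derives the in-addr.arpa zones that cover the RFC 1918 ranges, flags PTR queries that would leave the site when those zones are not served locally, and prints named.conf stanzas for them. The zone file name `empty.db` and the sample query names are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reverse_zones(net):
    """Return the octet-aligned in-addr.arpa zones that together cover `net`."""
    octets = -(-net.prefixlen // 8)          # round /12 up to 2 octets (/16)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

# 10.in-addr.arpa, 16.172 .. 31.172.in-addr.arpa, 168.192.in-addr.arpa
PRIVATE_ZONES = [z for net in RFC1918 for z in reverse_zones(net)]

def _under(qname, zone):
    # Match on label boundaries so 110.in-addr.arpa is not taken for 10.in-addr.arpa.
    return qname == zone or qname.endswith("." + zone)

def leaks_upstream(qname, local_zones=()):
    """True if a PTR name is RFC 1918 space and no locally served zone answers it."""
    q = qname.lower().rstrip(".")
    private = any(_under(q, z) for z in PRIVATE_ZONES)
    served = any(_under(q, z) for z in local_zones)
    return private and not served

def named_conf(zone_file="empty.db"):
    """named.conf stanzas serving every RFC 1918 reverse zone from one local file."""
    return "\n".join(f'zone "{z}" {{ type master; file "{zone_file}"; }};'
                     for z in PRIVATE_ZONES)

# Constructed sample PTR queries, as a resolver log might show them.
SAMPLE_QUERIES = [
    "1.0.168.192.in-addr.arpa.",   # private, would go upstream by default
    "7.5.20.172.in-addr.arpa.",    # private (172.16.0.0/12)
    "4.3.2.110.in-addr.arpa.",     # public space, not affected
    "8.8.8.8.in-addr.arpa.",       # public space, not affected
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "default:", leaks_upstream(q),
              "with local zones:", leaks_upstream(q, PRIVATE_ZONES))
    print(named_conf())
```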