There are other reasons to do it intentionally. You can use 10/8 to exfiltrate data. So you could have a receiving system that catalogs every 10.x IP address and then assembles them in order for a bit stream. You can exfiltrate data pretty quickly. Think of it like a number station. Jonathan Kalbfeld office: +1 310 317 7933 fax: +1 310 317 7901 home: +1 310 317 7909 mobile: +1 310 227 1662 ThoughtWave Technologies, Inc. Studio City, CA 91604 https://thoughtwave.com View our network at https://bgp.he.net/AS54380 +1 844 42-LINUX
On Aug 19, 2025 at 12:13 PM, Joe Greco via NANOG <nanog@lists.nanog.org> wrote:
On Tue, Aug 19, 2025 at 07:10:54PM +0200, Bill Woodcock via NANOG wrote:
Sure. A large American mobile operator did that with a lot of their DNS traffic for a couple of months. :-)
Of course you may be talking about doing it _intentionally_. I don???t know of a reason to do it, but sure, it can be done. It???ll get dropped by anybody running uRPF.
I don't remember if it was at SANE 2000 or 2002, but I was talking with a gentleman who was discussing network security with me and he described that his employer had just patented his technique for discovering "leaks", rogue connections, etc., in a secured network. He was being very mysterious so I asked him how his technique was different than the classic trawling around shooting packets with various source addresses at various targets within a network. Which is what they thought was unique and patentable.
So the point is that if you have an unrouted prefix, you can monitor the authorized uplink from a network to see if traffic sprayed within the network is seeing plausible response traffic addressed to that unrouted prefix, but also if you happen to have a ROUTABLE prefix, you can also detect rogue uplinks and stuff like that by seeing what does actually arrive at the routed network.
This is not exactly what the OP asked about, but it is in the same ballpark and may be interesting to someone. The ICMP response answer posted by Mr. Heitz is obviously more common as are the accidental misconfiguration class of answers.
... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/HEOW6YA7...