That said, I do filter 1918 at my edge.
/vijay
ok everybody, vijay says the snapshot below didn't come from him. who wants to claim it, then? # tcpdump -n -c 25 net 10 or net 192.168 or net 172.16.0.0/12 tcpdump: listening on fxp0 19:52:53.787244 10.9.10.250.53 > 192.5.5.241.53: 29644 MX? rogers.com. (29) 19:52:53.789098 10.9.10.250.53 > 192.5.5.241.53: 29643 A? tock.usno.navy.mil. (36) 19:52:53.790367 10.9.10.250.53 > 192.5.5.241.53: 29642 MX? nygh.on.ca. (29) 19:52:53.791023 10.9.10.250.53 > 192.5.5.241.53: 29641 MX? sympatico.ca. (31) 19:52:54.000576 10.6.166.16.35067 > 192.5.5.241.53: 51520 PTR? 23.180.243.65.in-addr.arpa. (44) (DF) 19:52:54.000591 10.6.166.16.35067 > 192.5.5.241.53: 39692 MX? wedweb.cc. (27) (DF) 19:52:54.049835 10.21.13.50.32769 > 192.5.5.241.53: 19542 NS? . (17) (DF) 19:52:54.167651 10.1.10.8.53 > 192.5.5.241.53: 17611 PTR? 1.18.32.10.in-addr.arpa. (41) 19:52:54.227294 172.22.26.5.53 > 192.5.5.241.53: 5298 A? autodesk.com. (30) 19:52:54.327460 10.48.10.250.53 > 192.5.5.241.53: 29477 MX? unco.edu. (27) 19:52:54.328475 10.48.10.250.53 > 192.5.5.241.53: 29476 MX? unco.edu. (27) 19:52:54.329118 10.48.10.250.53 > 192.5.5.241.53: 29475 MX? icella.com. (29) 19:52:54.329736 10.48.10.250.53 > 192.5.5.241.53: 29474 MX? att.net. (26) 19:52:54.487335 10.40.1.29.53 > 192.5.5.241.53: 10970 [b2&3=0x400] A? czdm01.bauholding.com. (39) 19:52:54.490662 10.40.1.29.53 > 192.5.5.241.53: 10971 A? IBM-4406B6DF58E.bauholding.com. (48) 19:52:54.491791 192.168.0.2.1033 > 192.5.5.241.53: 4574 A? velu.neuro6.com. (33) 19:52:54.493123 192.168.0.2.1033 > 192.5.5.241.53: 4580 A? velu.neuro6.com. (33) 19:52:54.495051 192.168.0.2.1033 > 192.5.5.241.53: 12777 A? velu.neuro6.com. (33) 19:52:54.508596 172.23.3.39.1057 > 192.5.5.241.53: 2240 A? download.windowsupdate.com. (44) 19:52:54.511223 172.23.3.39.1057 > 192.5.5.241.53: 14538 A? download.windowsupdate.com. (44) 19:52:54.513568 172.23.3.39.1057 > 192.5.5.241.53: 6358 A? download.windowsupdate.com. (44) 19:52:54.527938 10.26.0.10.32769 > 192.5.5.241.53: 53702 A? nuyoo.utm.mx. (30) (DF) [tos 0x4] 19:52:54.553784 192.168.192.49.47768 > 192.5.5.241.53: 34671 PTR? 36.7.7.4.in-addr.arpa. (39) (DF) 19:52:54.605368 10.26.0.10.32769 > 192.5.5.241.53: 60698 A? uumail.unt.edu.ar. (35) (DF) [tos 0x4] 19:52:54.634115 10.26.0.10.32769 > 192.5.5.241.53: 30349[|domain] (DF) [tos 0x4] 2410 packets received by filter 0 packets dropped by kernel note: in 106 days of uptime, this particular host inside the f-root cluster has discarded the following: rule# packets --octets-- -------------rule-------------------- 00400 6446004 428112547 deny ip from 10.0.0.0/8 to any in 00500 5874604 369667080 deny ip from 172.16.0.0/12 to any in 00600 8367728 546972348 deny ip from 192.168.0.0/16 to any in this seems excessive, and so i've been assuming that it was all vijay's fault. but apparently it's not him. so which one of you isn't filtering 1918 at your edge? (oops, it's all of you, isn't it?) -- Paul Vixie