[ On Thursday, February 22, 2001 at 22:40:11 (+0000), Stephen J. Wilcox wrote: ]
Subject: Re: rfc 1918?
Altho Path MTU from RFC1918 P2P links will arrive and if you block them you'll find strange things occur on transferring data so you can't say nothing should come on 1918 space.
Even more reason to filter RFC-1918 src/dest addresses completely and utterly. Such broken implementations deserve to be cut off from the public Internet as they cause nothing but problems. Note that anyone using PRIVATE addresses within their own networks, and with an even half decent security policy, is forced to filter all such junk at their borders anyway, so they could never "win" with such broken implementations. I.e. the only "fair" thing to do is to filter all RFC-1918 addresses early and often from all public Internet links.
That's not a good reason. Nobody should be generating public traffic from those addresses, "making them work" is not an Internet-friendly decision.
I agree, altho a lot of people do use 1918 for their p2p.
That's not necessarily quite the same issue, so long as no packets ever traverse the rest of the public Internet with RFC-1918 source or destination addresses. (Un)Fortunately it's difficult, or even impossible in some cases, to prevent packets with PRIVATE addresses from being generated and so it's still extremely bad practice to use PRIVATE addresses for any point-to-point links with transit PUBLIC traffic "in the raw" (i.e. not in a tunnel that would have PUBLIC end-point addresses).
The sooner RFC-1918-sourced packets get filtered (i.e. the closer to
until the previous item is fixed tho you'll break things if you do this.
Indeed -- but the sooner and more often such things are "broken", the sooner they'll get fixed properly! "Tough love", and "you've got to be good to be bad", etc., etc., etc....

-- 
Greg A. Woods

+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
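The border policy debated in this thread, as an added example that is not part of the original messages: it drops any packet with an RFC 1918 source or destination and tags the dropped ICMP "fragmentation needed" messages, which is the Path MTU side effect raised above. The packet record layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks, listed explicitly. ipaddress's is_private flag is
# broader (it also covers loopback, link-local and documentation ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_verdict(pkt):
    """Return (action, reason) for one packet crossing a public link."""
    for field in ("src", "dst"):
        if is_rfc1918(pkt[field]):
            reason = "rfc1918-" + field
            # ICMP type 3 code 4 is "fragmentation needed", the message Path
            # MTU discovery relies on. Tag it so the operator can see how
            # often the filter removes one.
            if pkt.get("proto") == "icmp" and pkt.get("icmp") == (3, 4):
                reason += "+pmtud"
            return ("drop", reason)
    return ("pass", "public")

def summarize(packets):
    """Count verdict reasons over a batch of packet records."""
    counts = {}
    for pkt in packets:
        _, reason = border_verdict(pkt)
        counts[reason] = counts.get(reason, 0) + 1
    return counts

# Constructed sample packets (hypothetical record layout, not captured traffic).
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "tcp"},
    {"src": "10.1.2.3", "dst": "198.51.100.7", "proto": "tcp"},
    # Router on a privately numbered point-to-point link reporting a small MTU.
    {"src": "172.16.0.1", "dst": "198.51.100.7", "proto": "icmp", "icmp": (3, 4)},
    {"src": "192.0.2.10", "dst": "192.168.1.1", "proto": "udp"},
    # 172.32.0.1 lies just outside 172.16.0.0/12 and must not be dropped.
    {"src": "172.32.0.1", "dst": "198.51.100.7", "proto": "tcp"},
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt["src"], "->", pkt["dst"], border_verdict(pkt))
    print(summarize(SAMPLE))
```

The "+pmtud" counter gives a measurable view of the breakage the thread argues about: each such drop is a sender that never learns the smaller path MTU.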