On Thu, 7 Apr 2005, Christopher L. Morrow wrote:
> not to 1) prolong the pain, 2) beat a horsey.. BUT, why are 1918 ips 'special' to any application? why are non-1918 ips 'special' in a different way?
Because they're 'special.' But you are correct, there is nothing special about RFC1918 at the network. If people did proper source address validation they wouldn't send RFC1918 addresses along with a lot of other junk. RFC1918 are actually a very small amount of the junk packets, they are just easy for people like Paul to detect. It's just harder to detect the other mis-configured address ranges. CYMRU bogons are pretty funny when you think about it, if the bad guys can spoof packets why would they spoof address ranges that are easy to filter? You want anti-spoofing of all addresses, not special address ranges.

The other side. A lot of software programmers and network architects and security consultants think RFC1918 addresses are special. This leads to a lot of mis-configured (or more precisely, never configured) software. How can we make more software "safe by default?" Because relying on the user or sysadmin to make it safe isn't working. That includes safe default configurations that are conservative in what they send, such as doing RFC1918 lookups against root name servers. The original BIND from Berkeley included a "localhost" file, why not a "workgroup" file and an RFC1918 file?
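An added illustration of the "anti-spoofing of all addresses, not special address ranges" point, not part of the thread: a bogon-range filter beside per-interface source address validation (BCP38-style ingress filtering), run over a handful of constructed packets. The customer prefix and the packet sources are made-up documentation ranges.

```python
import ipaddress

# Well-known "easy to filter" ranges: RFC1918 plus a few other obvious bogons.
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC1918
    "127.0.0.0/8", "0.0.0.0/8",                        # loopback, "this" network
)]


def bogon_filter(src: str) -> bool:
    """Forward unless the source falls in a listed bogon range.

    This is the Cymru-style filter: it catches only sources that nobody
    should ever legitimately emit, and nothing else."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in BOGONS)


def source_address_validation(src: str, interface_prefixes) -> bool:
    """Forward only if the source lies in a prefix assigned to the
    interface the packet arrived on (ingress filtering per BCP38).

    Every spoofed source is dropped, routable or not, because the check is
    'does this address belong here' rather than 'is this address weird'."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in interface_prefixes)


def compare(packet_sources, interface_prefixes):
    """Return {source: (bogon_filter verdict, SAV verdict)} for each packet."""
    nets = [ipaddress.ip_network(p) for p in interface_prefixes]
    return {src: (bogon_filter(src), source_address_validation(src, nets))
            for src in packet_sources}


# Constructed sample: a customer port assigned 198.51.100.0/24 receives
# one legitimate packet, one RFC1918-sourced packet, and one packet
# spoofed from a routable (non-bogon) range.
SAMPLE_PREFIXES = ["198.51.100.0/24"]
SAMPLE_PACKETS = ["198.51.100.7", "10.1.2.3", "203.0.113.9"]

if __name__ == "__main__":
    for src, (bogon_ok, sav_ok) in compare(SAMPLE_PACKETS, SAMPLE_PREFIXES).items():
        print(f"{src:>14}  bogon_filter={'pass' if bogon_ok else 'drop'}"
              f"  source_validation={'pass' if sav_ok else 'drop'}")
```

The routable spoofed source sails through the bogon filter and is only caught by the per-interface check; the RFC1918 source is caught by both, which is exactly why it is the visible, and least interesting, fraction of the junk.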