On Mon, 17 Jul 2000, Eric A. Hall wrote:
When ISPs choose to mark their packets with Internet-illegal addresses, they are contributing to these problems. Sorry, but you're not supposed to be using these addresses anyway.
This is utterly stupid. You can use these addresses any way you see fit, you can source packets from them if you'd like, and they are as valid as any other address to use and be "on the internet". What you CAN'T do however, is expect that these packets can ever be replied to, or exchange or accept any kind of information on how to route this IP space outside of your network. Sure its probably not the best idea in the world to send out packets you can't expect a reply to, but its not prohibited for a reason, and its certainly not the end of the world you make it out to be. If you really want to filter RFC1918 sourced packets at your borders for whatever reason its your choice. Trust me I've probably seen a lot more DoS then most people in one way or another, and filtering 1918 space is in absolutily NO way any kind of magic bullet or even worth the processor time (if you're gonna spend the time filtering there are much better things out there). -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)