What does "originating" mean? Creating the packets? Or forwarding them?
Either way, there's no excuse.
First off, remember that BCP38 and 1918 don't apply on your set of interconnected private networks, no matter how big a net it is. You want to filter between two of your private nets, go ahead. You don't want to, that's OK to. The fun starts when those packets leave your network(s) and hit the public Internet.
Now that we have that squared away...
Either that intermediate router originated the ICMP 'frag needed' packet, in which case somebody needs to be smacked for originating a 1918-addressed packet on the public internet, or it's forwarding the packet. And if it's forwarding the packet, then somebody *else* needs to be smacked for injecting that packet into the public internet.
What *possible* use case would require a 1918-sourced packet to be traversing the public internet? We're all waiting with bated breath to hear this one. ;)
It's great for showing in traceroutes who the heel is. Do I win a prize? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.