I'd say the problem of 1918 leakage is a bigger concern.
Quite a big problem. Because some of the major backbones don't bother to filter that address space in the src of the packets, DDoS tools just love forging UDP packets with reserved space, which makes it nearly impossible to correctly track down where it's coming from.

A good example of this issue is with at least two of the AHBL nameservers run by the SOSDG (I have no idea what the other nameservers are seeing as they are not managed by us, but they are probably getting similar queries): someone from 192.168.1.20 is making DNS queries for ip4r lookups under dnsbl.ahbl.org. Of course, the bogon filters stop it dead in its tracks, but the fact that it's getting through across Sprint, Cogentco, and similar isn't a good sign. Providers should be filtering at their borders both src and dst packets going to any of the reserved spaces. If they did, this wouldn't be an issue.

Now, the better question is, what idiot is doing those dnsbl queries on our servers, and why haven't they noticed that the lookups don't work, and resolving in general probably isn't working? Who knows.

< Side note: sorry about the weird quoting. OE-Quotefix is somehow barfing on your message specifically and crashing, so I had to turn it off >

-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org

----- Original Message -----
From: <Valdis.Kletnieks@vt.edu>
To: "Roger Marquis" <marquis@roble.com>
Cc: <nanog@trapdoor.merit.edu>; <spamtools@lists.abuse.net>
Sent: Sunday, January 04, 2004 3:05 PM
Subject: Re: example.com/net/org DNS records
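The border filter the message above asks for (drop any packet whose src or dst falls in RFC 1918 or other reserved space), written out as an added example; this is not code from the post, SOSDG or AHBL. The flow records are constructed, and 192.0.2.53 is a documentation-range placeholder standing in for a nameserver, not a real AHBL address.

```python
"""Border ("bogon") filter check for RFC 1918 leakage.

Added example, not from the mailing-list post. Flow records below are
constructed; 192.0.2.53 is an assumed placeholder for a nameserver.
"""
import ipaddress
import re

# Address space that should never appear as src or dst on a transit link:
# RFC 1918 private space plus a few other reserved blocks. Multicast and
# class E are deliberately left out to keep the example about leakage.
FILTERED_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
)]

# Constructed flow-record format (an assumption, not any vendor's syntax).
FLOW_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample: the leaked/forged query from the post, an ordinary
# resolver query, a reply headed for private space, and a TCP query.
SAMPLE_FLOWS = [
    "proto=udp src=192.168.1.20:4123 dst=192.0.2.53:53",
    "proto=udp src=198.51.100.7:53011 dst=192.0.2.53:53",
    "proto=udp src=192.0.2.53:53 dst=10.9.8.7:33000",
    "proto=tcp src=203.0.113.4:44222 dst=192.0.2.53:53",
]


def reserved_match(addr):
    """Return the filtered prefix containing addr, or None if it is routable."""
    ip = ipaddress.ip_address(addr)
    for net in FILTERED_PREFIXES:
        if ip in net:
            return net
    return None


def border_verdict(src, dst):
    """What a border filter checking *both* src and dst would do with a packet."""
    hit = reserved_match(src)
    if hit is not None:
        return f"drop (reserved src {hit})"
    hit = reserved_match(dst)
    if hit is not None:
        return f"drop (reserved dst {hit})"
    return "accept"


def parse_flow(line):
    """Extract proto/src/dst/ports from one constructed flow record."""
    m = FLOW_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable flow record: {line!r}")
    return m.groupdict()


def filter_flows(lines):
    """Apply the border check to flow records; return (accepted, dropped).

    Each element is a (line, verdict) pair so the reason survives for logging.
    """
    accepted, dropped = [], []
    for line in lines:
        flow = parse_flow(line)
        verdict = border_verdict(flow["src"], flow["dst"])
        (accepted if verdict == "accept" else dropped).append((line, verdict))
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = filter_flows(SAMPLE_FLOWS)
    for line, verdict in bad:
        print(f"{verdict:40s} {line}")
    print(f"accepted {len(ok)}, dropped {len(bad)}")
```

Both checks matter: the src check is what stops the forged or leaked 192.168.1.20 query at the border, and the dst check stops the nameserver's own reply from being routed toward private space. A querier whose packets really do leave with an RFC 1918 source can never receive an answer, because the reply has nowhere valid to go.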