On Thu, 22 Jan 2004, Brett Watson wrote:
The customer installed a "network mapping tool" today and suddenly discovered they were seeing RFC1918 addresses in the map (hundreds of them) that were *not* part of the customer's internal network. It turns out that from what we can tell, insightbb.com (an AT&T sub or customer) is probably unintentionally leaking 10/8 and AT&T is propagating that across their network. Since the customer defaults for any "unknown" destination, they're crossing the AT&T network.
RFC1918 addresses are unpredictable on any network other than your own. You shouldn't make assumptions about them. Anyone may use them for any purpose on their network. If you send packets into their network using RFC1918 addresses, you get whatever you get. If you require certainty, it's up to you to impose your policy at your edge. Does sending packets to RFC1918 addresses on other networks meet the "be conservative in what you send" credo?
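
One way to impose that policy at your own edge, as an added example that is not part of the original message: compute the RFC1918 space the site does not use, reject private prefixes learned from a neighbour, and stop private destinations from following the default route. The function names, the internal prefixes and the learned-route list are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not taken from the thread).
INTERNAL = ["10.20.0.0/16", "192.168.5.0/24"]   # prefixes the site really uses
LEARNED = ["0.0.0.0/0", "10.0.0.0/8",           # routes heard from the upstream
           "10.99.4.0/24", "198.51.100.0/24"]


def edge_drop_list(internal):
    """RFC1918 space minus the site's own prefixes: what to drop at the edge."""
    remaining = list(RFC1918)
    for own in map(ipaddress.ip_network, internal):
        kept = []
        for block in remaining:
            if own.subnet_of(block):
                kept.extend(block.address_exclude(own))  # carve our prefix out
            elif not block.subnet_of(own):
                kept.append(block)                       # untouched by this prefix
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def leaked_private_routes(learned):
    """Routes from a neighbour that lie inside RFC1918 and should be rejected."""
    return [r for r in learned
            if any(ipaddress.ip_network(r).subnet_of(b) for b in RFC1918)]


def egress_action(dst, internal):
    """Decide what the edge does with a packet addressed to dst."""
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(p) for p in internal):
        return "deliver-internally"
    if any(addr in b for b in RFC1918):
        return "drop"      # private space that is not ours: never follow default
    return "forward"


if __name__ == "__main__":
    for net in edge_drop_list(INTERNAL):
        print("drop", net)
    print("reject routes:", leaked_private_routes(LEARNED))
    for dst in ("10.20.3.4", "10.99.4.7", "198.51.100.9"):
        print(dst, "->", egress_action(dst, INTERNAL))
```

The drop list is the explicit complement needed for a first-match packet filter; on a router that only needs discard routes, the three RFC1918 aggregates suffice because the more-specific internal routes win on longest-prefix match.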