My incident started the thread. The packets are not even an irritant; I was just curious as to why the rfc1918 addresses were being logged by my ingress filter. Now I know- General Practice dictates that my filters on my stub network are the appropriate place to filter out the private addresses. I had always believed the private addresses to be "non routable" (ie handled by ISPs) but that seems to be at least partially incorrect. Thanks to everyone who discussed! Hopefully this thread shed some light for some other people regarding the difference between the way things work in theory and in practice. My apologies to Mr Steenbergen who seemed very, very distressed about seeing this topic. -----Original Message----- From: Mark Borchers [mailto:mborchers@splitrock.net] Sent: Friday, February 23, 2001 9:46 AM To: 'nanog@merit.edu' Subject: RE: rfc 1918?

This is not an issue of paranoia (except for those who actually use PRIVATE addresses internally and have properly configured their gateways to be paranoid about even seeing such packets, let alone routing them).

Unless I'm mistaken, a prime reason for the evolution of RFC 1918 addresses was that it was once common practice for people to help themselves to PUBLIC address space to use on PRIVATE networks. As the world got more connected, these addresses occasionally got leaked and caused address conflicts. Using RFC 1918 addresses prevents conflicts with public/registered space. Obviously the possibility of leakage still exists, but with RFC 1918 the havoc potential is diminished to a mere irritant level. Which is what the incident that started this thread appeared to be.