Re: private ip addresses from ISP

2006-05-23 Thread Hyunseog Ryu
In reality, from what I see, most large ISPs don't care about RFC1918. I've been dealing with this issue for a while. Not all of them, because I didn't deal with all of them. But some of them have strange policies for ACLs, because it has large impact on router platform CPU utilization. Strictly

Re: private ip addresses from ISP

2006-05-23 Thread Richard A Steenbergen
On Mon, May 22, 2006 at 04:30:37PM -0400, Andrew Kirch wrote: 3) You are seeing packets with source IPs inside private space arriving at your interface from your ISP? ... Sorry to dig this up from last week but I have to strongly disagree with point #3. From RFC 1918 Because

Re: private ip addresses from ISP

2006-05-23 Thread Edward B. DREGER
RAS Date: Tue, 23 May 2006 03:33:34 -0400 RAS From: Richard A Steenbergen RAS If you're receiving RFC1918 sourced packets #include flamewars/urpf.h #include flamewars/pmtud.h Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/

ISP compliance LEAs - tech and logistics [was: snfc21 sniffer docs]

2006-05-23 Thread Gadi Evron
Wired posted what are supposedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read... http://blog.wired.com/27BStroke6/att_klein_wired.pdf John Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many

Re: private ip addresses from ISP

2006-05-23 Thread Robert Bonomi
Date: Tue, 23 May 2006 03:33:34 -0400 From: Richard A Steenbergen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP On Mon, May 22, 2006 at 04:30:37PM -0400, Andrew Kirch wrote: 3) You are seeing packets with source IPs inside private space

RE: private ip addresses from ISP

2006-05-23 Thread Andrew Kirch
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Bonomi Sent: Tuesday, May 23, 2006 9:22 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP Date: Tue, 23 May 2006 03:33:34 -0400 From: Richard A

Re: private ip addresses from ISP

2006-05-23 Thread Daniel Senie
At 09:22 AM 5/23/2006, Robert Bonomi wrote: Date: Tue, 23 May 2006 03:33:34 -0400 From: Richard A Steenbergen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP On Mon, May 22, 2006 at 04:30:37PM -0400, Andrew Kirch wrote: 3) You are seeing packets

RE: private ip addresses from ISP

2006-05-23 Thread Frank Bulk
While we're on the topic, perhaps I should ask for some best practices (where 'best' equals one for every listserv member) on the use of RFC 1918 addresses within a network provider's infrastructure. We use private addresses for some stub routes, as well as our cable modems. Should we

Re: private ip addresses from ISP

2006-05-23 Thread Robert Bonomi
Date: Tue, 23 May 2006 09:36:30 -0400 To: [EMAIL PROTECTED] From: Daniel Senie [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP At 09:22 AM 5/23/2006, Robert Bonomi wrote: Date: Tue, 23 May 2006 03:33:34 -0400 From: Richard A Steenbergen [EMAIL PROTECTED] To: [EMAIL

Re: private ip addresses from ISP

2006-05-23 Thread Joe Maimon
Robert Bonomi wrote: TTL-E messages _do_ have legitimate function in network management. TTL-E messages _can_ originate from RFC1918 space, addressed to 'public internet' addresses. Usefully, and meaningfully. Ever hear of 'traceroute'? Ever use it where packets went across a network

Re: private ip addresses from ISP

2006-05-23 Thread Michael . Dillon
Proper good net neighbor egress filtering of RFC1918 source addresses takes a number of separate rules. Several 'allows', followed by a default 'deny'. Really? Do you have those rules on your network? Any reason why you didn't post the operational details on this operational list? Have

RE: private ip addresses from ISP

2006-05-23 Thread Brian Johnson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Maimon Sent: Tuesday, May 23, 2006 10:15 AM To: Robert Bonomi Cc: [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP Robert Bonomi wrote: TTL-E messages _do_ have

Re: private ip addresses from ISP

2006-05-23 Thread Joe Maimon
Brian Johnson wrote: In the Cisco world, I thought that the source would always be the interface that replies to the ICMP packet. That seems to be good form to me. Where am I going wrong? You are correct, however it could be useful in regards to the topic at hand if this was

Re: private ip addresses from ISP

2006-05-23 Thread Joe Maimon
Robert Bonomi wrote: Date: Tue, 23 May 2006 11:14:53 -0400 Translating those addresses is a *BAD*IDEA*(TM). That obscures who the reporting machine was _if_ you have to actually communicate with that network operator. These are the options: Construct the network so that icmp is

Re: private ip addresses from ISP

2006-05-23 Thread Joseph S D Yao
Folks are sounding as if they'd never 'traceroute'd THROUGH a set of unroutable IP addresses. I have seen cases where my 'traceroute' looked like this [when I've had the patience to not hit Interrupt at the first sign of stars]: 1 1 ms 1 ms 1 ms router.here 2 10 ms 10 ms 10 ms

Re: private ip addresses from ISP

2006-05-23 Thread Joseph S D Yao
On Tue, May 23, 2006 at 04:22:26PM +0100, [EMAIL PROTECTED] wrote: ... Does NANOG have a role in developing some best practices text that could be easily incorporated into peering agreements and service contracts? ... RFC 2267 - RFC 2827 == Best Current Practice (BCP) 38 RFC 3013 == BCP 46

Re: private ip addresses from ISP

2006-05-23 Thread Joe Maimon
Joseph S D Yao wrote: Folks are sounding as if they'd never 'traceroute'd THROUGH a set of unroutable IP addresses. I have seen cases where my 'traceroute' looked like this [when I've had the patience to not hit Interrupt at the first sign of stars]: 1 1 ms 1 ms 1 ms router.here 2 10

Re: private ip addresses from ISP

2006-05-23 Thread Patrick W. Gilmore
On May 23, 2006, at 3:33 AM, Richard A Steenbergen wrote: From RFC 1918 Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should

Re: private ip addresses from ISP

2006-05-23 Thread Patrick W. Gilmore
On May 23, 2006, at 10:47 AM, Robert Bonomi wrote: Really? You really want TTL-E messages with RFC1918 source addr? Even if they're used as part of a denial of service attack? Even though you can't tell where they actually came from? Can be is not sufficient (in and of itself, that is)

Re: private ip addresses from ISP

2006-05-23 Thread Richard A Steenbergen
On Tue, May 23, 2006 at 12:23:54PM -0400, Patrick W. Gilmore wrote: I know it was late when you wrote that, RAS, but from the _very_first_sentence_: Er yeah I meant to say it says nothing about filtering 1918 packets. Please read BCP38 again. (For the first time? :) Clearly allowing

Re: private ip addresses from ISP

2006-05-23 Thread sthaug
Filtering every last 1918 sourced packet you receive because it might have a DoS is like filtering all ICMP because people can ping flood. If you want to rate limit it, that is reasonable. If you want to restrict it to ICMP responses only, that is also reasonable. If on the other hand you

Re: private ip addresses from ISP

2006-05-23 Thread Patrick W. Gilmore
On May 23, 2006, at 1:14 PM, Richard A Steenbergen wrote: [...] Filtering every last 1918 sourced packet you receive because it might have a DoS is like filtering all ICMP because people can ping flood. If you want to rate limit it, that is reasonable. If you want to restrict it to ICMP

Re: private ip addresses from ISP

2006-05-23 Thread Joseph S D Yao
On Tue, May 23, 2006 at 11:55:56AM -0400, Joe Maimon wrote: ... It's also quite annoying to wait for each hop to timeout. Well, yes. ;-} But as someone hinted, that's purely a problem with my own psyche, which I do [to some degree] control. OBTW, the 'ad hominem' attacks starting up in this

Re: [Way OT] Re: Geo location to IP mapping

2006-05-23 Thread Roland Perry
In article [EMAIL PROTECTED], Jeroen Massar [EMAIL PROTECTED] writes Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. The problem with this one is that they are still

Re: ISP compliance LEAs - tech and logistics [was: snfc21 sniffer docs]

2006-05-23 Thread James J. Lippard
On Tue, May 23, 2006 at 05:39:26AM -0500, Gadi Evron wrote: Wired posted what are supposedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read... http://blog.wired.com/27BStroke6/att_klein_wired.pdf John Indeed. To be honest, I am more interested in

MAE-WEST - 55 S Market area equipment sourcing

2006-05-23 Thread Rodney Joffe
Sorry for the noise, but this is sorta operational (for me anyway ;-)) We are physically in the process of configuring the connectivity for NANOG 37. We are from out of town ;-) It has not been easy (when has it ever been?). Accept the following: We have to transit some existing

Re: ISP compliance LEAs - tech and logistics [was: snfc21 sniffer docs]

2006-05-23 Thread Steven M. Bellovin
On Tue, 23 May 2006 05:39:26 -0500 (CDT), Gadi Evron [EMAIL PROTECTED] wrote: Wired posted what are supposedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read... http://blog.wired.com/27BStroke6/att_klein_wired.pdf John Indeed. To be honest, I am

Re: ISP compliance LEAs - tech and logistics [was: snfc21 sniffer docs]

2006-05-23 Thread Sean Donelan
On Tue, 23 May 2006, Steven M. Bellovin wrote: Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the

Re: AS12874 - FASTWEB

2006-05-23 Thread Suresh Ramasubramanian
On 5/22/06, Mikisa Richard [EMAIL PROTECTED] wrote: Anyone from FASTWEB please get back to me offline. This page for fastweb (from an ISP in Africa) plus Ernest / Afrinic's post asking people to update bogon filters for 41/8 .. both related. Reason - fastweb provides NAT'ted ADSL lines to