There are other reasons to do it intentionally. You can use 10/8 to exfiltrate data. So you could have a receiving system that catalogs every 10.x IP address and then assembles them in order for a bit stream. You can exfiltrate data pretty quickly. Think of it like a number station.
Jonathan Kalbfeld office: +1 310 317 7933 fax: +1 310 317 7901 home: +1 310 317 7909 mobile: +1 310 227 1662 ThoughtWave Technologies, Inc. Studio City, CA 91604 https://thoughtwave.com View our network at https://bgp.he.net/AS54380 +1 844 42-LINUX > > On Aug 19, 2025 at 12:13 PM, Joe Greco via NANOG <[email protected]> > wrote: > > > On Tue, Aug 19, 2025 at 07:10:54PM +0200, Bill Woodcock via NANOG wrote: > > Sure. A large American mobile operator did that with a lot of their DNS > > traffic for a couple of months. :-) > > > > Of course you may be talking about doing it _intentionally_. I don???t > > know of a reason to do it, but sure, it can be done. It???ll get dropped by > > anybody running uRPF. > > I don't remember if it was at SANE 2000 or 2002, but I was talking > with a gentleman who was discussing network security with me and he > described that his employer had just patented his technique for > discovering "leaks", rogue connections, etc., in a secured network. > He was being very mysterious so I asked him how his technique was > different than the classic trawling around shooting packets with > various source addresses at various targets within a network. Which > is what they thought was unique and patentable. > > So the point is that if you have an unrouted prefix, you can monitor > the authorized uplink from a network to see if traffic sprayed within > the network is seeing plausible response traffic addressed to that > unrouted prefix, but also if you happen to have a ROUTABLE prefix, you > can also detect rogue uplinks and stuff like that by seeing what does > actually arrive at the routed network. > > This is not exactly what the OP asked about, but it is in the same > ballpark and may be interesting to someone. The ICMP response answer > posted by Mr. Heitz is obviously more common as are the accidental > misconfiguration class of answers. > > ... JG > -- > Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net > "The strain of anti-intellectualism has been a constant thread winding its way > through our political and cultural life, nurtured by the false notion that > democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/HEOW6YA7H7FS5IRR4LIPXNV4Q7FESVK6/ > _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/PLFI75KYZXX7AZW7JLM2YL6MYW56CSGZ/
