> > What does "originating" mean? Creating the packets? Or forwarding > > them? > > Either way, there's no excuse. > > First off, remember that BCP38 and 1918 don't apply on your set of > interconnected private networks, no matter how big a net it is. You want to > filter between two of your private nets, go ahead. You don't want to, that's > OK to. The fun starts when those packets leave your network(s) and hit the > public Internet. > > Now that we have that squared away... > > Either that intermediate router originated the ICMP 'frag needed' packet, in > which case somebody needs to be smacked for originating a 1918-addressed > packet > on the public internet, or it's forwarding the packet. And if it's forwarding > the packet, then somebody *else* needs to be smacked for injecting that packet > into the public internet. > > What *possible* use case would require a 1918-sourced packet to be traversing > the public internet? We're all waiting with bated breath to hear this one. ;)
It's great for showing in traceroutes who the heel is. Do I win a prize? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.