address spoofing

sthaug at nethelp.no sthaug at nethelp.no
Fri Apr 23 21:56:37 UTC 1999


> means that packets with source addresses from RFC 1918 space should not be
> permitted on the global internet.   While I agree that RFC 1918 addresses
> should not be used on internet visible interfaces, I'm unaware of anywhere
> in the RFC's where it says that "routers should be configured to reject
> packets coming from RFC 1918 space."

As others have pointed out, there are indeed RFC sections which seem to
imply that packets coming from RFC 1918 space should not be visible on
the global Internet.

Furthermore, whether the RFC says so or not, I'm going to block these
packets at *my* border routers, because:

- I have absolutely *no* idea of where these packets might be coming
from,
- and I have no possibility of generating sensible replies to packets
with RFC 1918 source addresses.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no




More information about the NANOG mailing list