address spoofing

• Previous message (by thread): address spoofing
• Next message (by thread): address spoofing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> anyone have clues other than net slime and misconfigured nats?

Possibly users behind your filters are tracerouting through
somewhere which has PtP links configured in RFC1918 space,
and you are seeing ICMP TTL exceeded back from these addresses.
Some people allege configuring publicly visible PtPs to RFC1918
addresses is not bad practice. YMMV.

If you really want to know what they are, policy route them
to a spare ethernet port back to backed with a box running
tcpdump. But then you knew that already.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)

• Previous message (by thread): address spoofing
• Next message (by thread): address spoofing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]