address spoofing

Alex Bligh amb at
Thu Apr 22 21:47:29 UTC 1999

> anyone have clues other than net slime and misconfigured nats?

Possibly users behind your filters are tracerouting through
somewhere which has PtP links configured in RFC1918 space,
and you are seeing ICMP TTL exceeded back from these addresses.
Some people allege configuring publicly visible PtPs to RFC1918
addresses is not bad practice. YMMV.

If you really want to know what they are, policy route them
to a spare ethernet port back to backed with a box running
tcpdump. But then you knew that already.

Alex Bligh
GX Networks (formerly Xara Networks)

More information about the NANOG mailing list