what's that smell?

Kelly J. Cooper kcooper at genuity.net
Tue Oct 8 14:21:32 UTC 2002



Nope.  As previously established, there are ISPs out there using RFC1918
networks in their infrastructure.  Also, egress filtering is NOT easy, so
even those ISPs doing it may not be able to do it universally.  Plus, lots
of attacks these days are mixing spoofed and legit traffic, or doing
limited spoofing (i.e. picking random addresses on the LAN where they
originate to make it past filters).

Kelly J.

On Tue, 8 Oct 2002, Iljitsch van Beijnum wrote:
>
> On Tue, 8 Oct 2002, Chris Wedgwood wrote:
>
> > FWIW, almost nobody filters rfc1918 packets outbound and a good
> > percentage of ISP customers bleed these something terrible
>
> Actually, that's a good thing. This makes it trivial to detect which peers
> aren't doing egress filtering. If people just filtered RFC 1918 space,
> everything would just look better, but the underlying problem wouldn't be
> solved: it would still be possible to launch very hard to trace or stop
> denial of service attacks from those networks.
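
The two points argued in this thread, as an added example that is not part of the original messages: counting RFC 1918 source addresses per peer shows which peers are not egress filtering, while a source-prefix egress filter still passes a forged address taken from the sender's own LAN. The peer names, addresses, flow records and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def leaking_peers(flows, threshold=1):
    """Return {peer: count} for peers that handed us RFC 1918-sourced packets.

    A non-zero count shows the peer does not filter these sources on egress;
    it does not by itself show attack traffic, since some networks number
    their own infrastructure from RFC 1918 space.
    """
    counts = Counter(peer for peer, src in flows if is_rfc1918(src))
    return {p: c for p, c in counts.items() if c >= threshold}

def egress_permits(src, customer_prefix):
    """Source-prefix egress filter: permit only sources inside the prefix."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(customer_prefix)

# Constructed sample: (peer name, source address) seen inbound at a border.
SAMPLE_FLOWS = [
    ("peer-a", "10.1.2.3"),
    ("peer-a", "192.168.0.7"),
    ("peer-a", "198.51.100.9"),
    ("peer-b", "203.0.113.20"),
    ("peer-b", "203.0.113.77"),
    ("peer-c", "172.20.5.5"),
]

if __name__ == "__main__":
    print("peers leaking RFC 1918 sources:", leaking_peers(SAMPLE_FLOWS))
    # The filter cannot tell a real host from a forged neighbour address
    # in the same prefix, so peer-b looks clean either way.
    lan = "203.0.113.0/24"
    for src in ("203.0.113.20", "203.0.113.77", "10.1.2.3"):
        print(src, "permitted" if egress_permits(src, lan) else "dropped")
```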



