Who does source address validation? (was Re: what's that smell?)
Barb Dijker
barb at netrack.net
Tue Oct 8 23:26:03 UTC 2002
At 10:34 PM 10/8/02 +0100, Stephen J. Wilcox wrote:
>Not all IP packets require a return, indeed only TCP requires it. It is quite
>possible to send data over the internet on UDP or ICMP with RFC1918 source
>addresses and for there to be no issue. Examples of this might be ICMP
>fragments or UDP syslog which although shouldn't according to RFC1918 be on
>these source addresses might be and if you block these on major backbone
>routes you may break something.

No. Filtering RFC1918 doesn't break anything. It merely shows you what
was already broken and you didn't know it. If you have a box that is
putting an RFC1918 source address in its packets destined for external
nets, and it doesn't get NAT'd, your net config is broken.
...Barb
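
An added example, not part of the original post: one way to find what an RFC1918 source filter would catch before enabling it is to scan flow records from an external interface for private sources talking to external destinations. The record format ("proto src dst packets"), the sample addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_leaks(flow_lines):
    """Return {source: Counter(proto -> packets)} for flows that carry an
    RFC 1918 source toward a non-RFC 1918 destination, i.e. traffic that
    left the site without being NAT'd."""
    leaks = defaultdict(Counter)
    for line in flow_lines:
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        proto, src, dst, pkts = line.split()
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks[src][proto] += int(pkts)
    return dict(leaks)


# Constructed sample records (hypothetical format): proto src dst packets.
# Public addresses are taken from the documentation ranges.
SAMPLE_FLOWS = """\
udp  10.1.2.3     198.51.100.7  42   # syslog sender that bypassed NAT
icmp 192.168.5.9  203.0.113.20  3    # ICMP from a host that was not NAT'd
tcp  203.0.113.5  198.51.100.7  120  # correctly translated traffic
udp  172.16.0.4   10.9.9.9      8    # private to private, not external
udp  172.32.0.1   198.51.100.7  5    # 172.32/16 lies outside 172.16/12
udp  10.1.2.3     198.51.100.7  8    # same syslog sender again
""".splitlines()

if __name__ == "__main__":
    for src, protos in sorted(find_leaks(SAMPLE_FLOWS).items()):
        detail = ", ".join(f"{p}={n}" for p, n in sorted(protos.items()))
        print(f"{src}: RFC1918 source reaching external nets ({detail})")
```

Each source it lists is a host whose packets an RFC1918 filter would drop.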