Who does source address validation? (was Re: what's that smell?)

Barb Dijker barb at netrack.net
Tue Oct 8 23:26:03 UTC 2002


At 10:34 PM 10/8/02 +0100, Stephen J. Wilcox wrote:
>Not all IP packets require a return, indeed only TCP requires it. It is quite
>possible to send data over the internet on UDP or ICMP with RFC1918 source
>addresses and for there to be no issue. Examples of this might be ICMP fragments
>or UDP syslog which although shouldn't according to RFC1918 be on these source
>addresses might be and if you block these on major backbone routes you may break
>something.

No.  Filtering RFC1918 doesn't break anything.  It merely shows you what 
was already broken and you didn't know it.  If you have a box that is 
putting an RFC1918 source address in its packets destined for external 
nets, and it doesn't get NAT'd, your net config is broken.

...Barb



