The power of default configurations
Simon Waters
simonw at zynet.net
Fri Apr 8 13:07:21 UTC 2005
On Friday 08 Apr 2005 11:00 am, Michael.Dillon at radianz.com wrote:
>
> Which leads me to the question: Why are RFC 1918 addresses defined
> in a document rather than in an authoritative protocol feed which
> people can use to configure devices?
Because they don't change terribly often.
Indeed the ones in RFC1918 don't change at all.
A protocol feed to deliver the same 6 integers?
The discussion here seems to be muddling two issues.
One is ISPs routing packets with RFC1918 source addresses, which presumably
can and should be dealt with as a routing issue; I believe there is already a
BCP outlining several ways to deal with this traffic.
This is noticeable to DNS admins, as presumably most such misconfigured boxes
never get an IP address for the service they actually want to use, since the
enquiries are unrepliable, or at least the boxes issue more DNS queries
because some of them are unrepliable.
The other is packets enquiring about RFC1918 address space, which can probably
be minimised by changing the default settings when DNS server packages are
made. For example Debian supplies the config files with the RFC1918 zones
commented out (although they are all ready to kill the traffic by removing a
"#").
However whilst I'm sure there is a lot of dross looking up RFC1918 address
space, I also believe if the volume of such enquiries became an operational
issue for the Internet there are other ways of reducing the number of these
queries.
Whilst we are on dross that turns up at DNS servers, how about traffic for
port 0? Surely this could be killed at the routing level as well; anyone got
any figures for how much port 0 traffic is around? My understanding is it is
mostly either scanning or broken firewalls, neither of which is a terribly
desirable thing to have on your network, or to ship out to other people's
networks.
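The post's two points about reverse lookups for RFC1918 space, that a resolver can answer them locally and that nobody has good figures for how much of it there is, can both be checked against a query log. The following is an added example, not code from the post or from the NANOG list; it assumes a BIND-style "query: <name> IN <type>" log line, uses constructed sample lines, and derives the list of 18 reverse zones (10, 16-31.172, 168.192) from RFC 1918 itself.

```python
"""Spot DNS queries for RFC 1918 reverse (in-addr.arpa) space in a query log.
Added example, not code from the original post. Log lines are constructed and
follow the general shape of a BIND query log ("query: <name> IN <type>")."""
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Reverse zones a resolver can answer locally so these lookups never leave the site.
RFC1918_REVERSE_ZONES = (["10.in-addr.arpa"] + [f"{i}.172.in-addr.arpa" for i in range(16, 32)]
                         + ["168.192.in-addr.arpa"])
QUERY_RE = re.compile(r"query: (?P<name>\S+) IN (?P<type>\S+)")

def rfc1918_reverse_prefix(name):
    """Return the RFC 1918 block an in-addr.arpa name lies inside, else None.
    Partial names (a zone apex such as '16.172.in-addr.arpa') are padded with
    zero octets and treated as a prefix; '172.in-addr.arpa' itself does not count."""
    labels = name.split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2][::-1]  # in-addr.arpa lists octets least-significant first
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    implied = ipaddress.ip_network(f"{addr}/{8 * len(octets)}")
    return next((net for net in RFC1918 if implied.subnet_of(net)), None)

def count_rfc1918_reverse_queries(log_lines):
    """Return (number of query lines seen, Counter of RFC 1918 reverse queries per block)."""
    total, counts = 0, Counter()
    for m in filter(None, map(QUERY_RE.search, log_lines)):
        total += 1
        net = rfc1918_reverse_prefix(m.group("name").rstrip(".").lower())
        if net is not None:
            counts[str(net)] += 1
    return total, counts

# Constructed sample log: four of the six queries ask about RFC 1918 reverse space.
SAMPLE_LOG = """\
08-Apr-2005 13:07:21.001 client 192.0.2.10#1234: query: 4.3.2.10.in-addr.arpa IN PTR
08-Apr-2005 13:07:21.002 client 192.0.2.11#1235: query: www.example.com IN A
08-Apr-2005 13:07:21.003 client 192.0.2.12#1236: query: 1.0.168.192.in-addr.arpa IN PTR
08-Apr-2005 13:07:21.004 client 192.0.2.13#1237: query: 5.0.20.172.in-addr.arpa IN PTR
08-Apr-2005 13:07:21.005 client 192.0.2.14#1238: query: 5.0.40.172.in-addr.arpa IN PTR
08-Apr-2005 13:07:21.006 client 192.0.2.15#1239: query: 10.in-addr.arpa IN NS
"""
```

Running `count_rfc1918_reverse_queries(SAMPLE_LOG.splitlines())` on the constructed log gives 6 queries, of which 2 fall in 10/8, 1 in 172.16/12 and 1 in 192.168/16; the 172.40 lookup is correctly left out.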
More information about the NANOG mailing list