[23766] in North American Network Operators' Group

Re: address spoofing

daemon@ATHENA.MIT.EDU (Alex Bligh)
Thu Apr 22 18:48:59 1999

From: Alex Bligh <amb@gxn.net>
To: Randy Bush <randy@psg.com>
Cc: nanog@merit.edu
In-reply-to: Your message of "Thu, 22 Apr 1999 15:15:10 PDT."
             <m10aRkU-0008G4C@rip.psg.com> 
Date: Thu, 22 Apr 1999 23:47:29 +0200
Errors-To: owner-nanog-outgoing@merit.edu


> anyone have clues other than net slime and misconfigured nats?

Possibly users behind your filters are tracerouting through
somewhere which has PtP links configured in RFC1918 space,
and you are seeing ICMP TTL exceeded back from these addresses.
Some people allege configuring publicly visible PtPs to RFC1918
addresses is not bad practice. YMMV.

If you really want to know what they are, policy route them
to a spare ethernet port back to back with a box running
tcpdump. But then you knew that already.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)
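
One way to triage packets collected on such a capture box, added here as an example and not part of the original message: it separates RFC1918-sourced ICMP TTL exceeded replies (the traceroute case described above) from other RFC1918-sourced traffic. It assumes raw IPv4 packets with the link-layer header already stripped; the function names and the sample packets (constructed, checksums left at zero) are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet by source address and ICMP type."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    src = ipaddress.IPv4Address(packet[12:16])
    if not any(src in net for net in RFC1918):
        return "public-source"
    if packet[9] == 1:                    # IP protocol 1 = ICMP
        if len(packet) < ihl + 1:
            return "malformed"
        # ICMP type 11 = time exceeded, what a traceroute hop sends back
        return ("rfc1918-icmp-time-exceeded" if packet[ihl] == 11
                else "rfc1918-icmp-other")
    return "rfc1918-other"

def summarize(packets) -> Counter:
    """Count packets per class so the dominant cause stands out."""
    return Counter(classify(p) for p in packets)

def build_packet(src: str, proto: int, payload: bytes) -> bytes:
    """Constructed test packet: 20-byte IPv4 header, checksum left at 0."""
    dst = ipaddress.IPv4Address("198.51.100.7")   # documentation address
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, ipaddress.IPv4Address(src).packed,
                         dst.packed)
    return header + payload

# Constructed samples, not real captures.
SAMPLES = [
    build_packet("10.1.2.3", 1, bytes([11, 0]) + bytes(6)),     # TTL exceeded
    build_packet("172.16.9.1", 1, bytes([8, 0]) + bytes(6)),    # echo request
    build_packet("192.168.0.5", 6, bytes(20)),                  # TCP
    build_packet("203.0.113.9", 1, bytes([11, 0]) + bytes(6)),  # public source
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLES).most_common():
        print(f"{count:4d}  {label}")
```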



