[23804] in North American Network Operators' Group


Re: address spoofing

daemon@ATHENA.MIT.EDU (Phil Howard)
Fri Apr 23 22:31:34 1999

From: Phil Howard <phil@whistler.intur.net>
To: vandry@Mlink.NET (Phillip Vandry)
Date: Fri, 23 Apr 1999 21:27:34 -0500 (CDT)
Cc: nanog@merit.edu
In-Reply-To: <199904231808.OAA16776@Iodine.Mlink.NET> from "Phillip Vandry" at Apr 23, 99 02:08:55 pm
Errors-To: owner-nanog-outgoing@merit.edu


Phillip Vandry wrote:

> > > My outbound access lists block it, so you should never see 1918
> > > sources coming from me.  You should see "* * *" instead, even
> > > if you don't block them coming in to your net.
> > 
> > I think this sucks big-time.  It wouldn't be quite so bad if traceroute
> > were the only thing that were broken by it (though I do like my
> > traceroutes to work properly too), but when all ICMP traffic from such a
> > router is hosed, and one of the links my packets are trying to hop onto
> > through such a router is down, then I'm a particularly unhappy camper
> > (if I could see the !H or !N I'd still be unhappy of course, but not
> 
> ...and I'd certainly like to see my ICMP unreachables which are vital to
> path MTU discovery not blocked.

Since the road doesn't narrow, this won't be a problem on these links.
This is taken into consideration when the addresses are assigned.  There
might be others doing this improperly.

-- 
Phil Howard           KA9WGN
phil@intur.net phil@ipal.net

