[30108] in North American Network Operators' Group
Re: RFC 1918
daemon@ATHENA.MIT.EDU (Michael Shields)
Sat Jul 15 01:03:46 2000
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: Bennett Todd <bet@rahul.net>,
"Steven M. Bellovin" <smb@research.att.com>, nanog@merit.edu
From: Michael Shields <shields@msrl.com>
Date: 15 Jul 2000 04:59:37 +0000
In-Reply-To: "Richard A. Steenbergen"'s message of "Fri, 14 Jul 2000 19:58:04 -0400 (EDT)"
Message-ID: <87hf9sugxy.fsf@challah.msrl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu

In article <Pine.BSF.4.21.0007141956280.95155-100000@overlord.e-gerbil.net>,
"Richard A. Steenbergen" <ras@e-gerbil.net> wrote:
> I still have not seen a single compelling argument which says you gain
> one bit more security by filtering RFC1918-source'd packets. It is useless
> at best, and disruptive at worst.

No correct configuration will send me packets with a source address
from RFC 1918 space. In a correct world, such filters will have no
effect. Only packets from the incorrect world will be hit by these
filters. As a matter of network policy, I do not wish to speak to
incorrect hosts, whatever their intentions.

If being unable to connect to MSRL hosts causes people to fix their
incorrect configurations, I am pleased. If it causes them to be
upset, I am indifferent. The smoothly running Internet is the set of
standards-compliant hosts. We must guard against incorrectness with a
steady, ruthless, automated hand.
--
Shields.
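
The source-address filter discussed in this message, sketched as an added example; it is not part of the original post and not MSRL's configuration. The interface names `ext0` and `int0`, the packet record layout and the sample addresses are constructed assumptions. It shows that only RFC 1918 sources arriving from outside are dropped, including the boundaries of 172.16.0.0/12.

```python
import ipaddress

# The three private-use blocks reserved by RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def ingress_filter(packets, external_ifaces):
    """Split packets into (accepted, dropped).

    A packet is dropped only when it arrives on an external interface
    and carries an RFC 1918 source address. Private sources seen on
    internal interfaces are legitimate and pass through untouched.
    """
    accepted, dropped = [], []
    for pkt in packets:
        if pkt["iface"] in external_ifaces and is_rfc1918(pkt["src"]):
            dropped.append(pkt)
        else:
            accepted.append(pkt)
    return accepted, dropped


# Constructed sample traffic (hypothetical interface names and addresses;
# the public sources come from the documentation ranges).
SAMPLE_PACKETS = [
    {"iface": "ext0", "src": "198.51.100.7"},    # public source: pass
    {"iface": "ext0", "src": "10.1.2.3"},        # 10/8 from outside: drop
    {"iface": "ext0", "src": "172.16.0.1"},      # first address of the /12: drop
    {"iface": "ext0", "src": "172.31.255.255"},  # last address of the /12: drop
    {"iface": "ext0", "src": "172.32.0.1"},      # just past the /12: pass
    {"iface": "ext0", "src": "192.169.0.1"},     # just past 192.168/16: pass
    {"iface": "int0", "src": "192.168.1.10"},    # private, but internal: pass
]

if __name__ == "__main__":
    ok, bad = ingress_filter(SAMPLE_PACKETS, external_ifaces={"ext0"})
    for pkt in bad:
        print("drop", pkt["iface"], pkt["src"])
    print(len(ok), "accepted,", len(bad), "dropped")
```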