[33096] in North American Network Operators' Group
Re: RFC1918 addresses to permit in for VPN?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri Dec 29 02:27:10 2000
Date: 28 Dec 2000 23:25:14 -0800
Message-ID: <20001229072514.4261.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: map@internet.org.ph
From: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 28 December 2000, "Miguel A.L. Paraz" wrote:
> Our DSUA filter had to have a small hole punched in since a customer had a VPN
> (I do not know yet as to what kind) which was receiving packets sourced at
> 172.17.x.x. Is this a misconfiguration on the sender's end, or a "feature."
>
> I think there was earlier discussion on VPN's requiring ICMP (echo?)
Its not a very private or virtual network if it leaks addresses into a
data stream visible to your filters.
