ietf

Re: rfc1918 impact

2003-10-15 15:04:53
On 15 Oct 2003, at 23:24, Michel Py wrote:

RFC 2827 provides exactly these recommendations.

[FYI: RFC 2827 is about ingress filtering to stop source address spoofing]

Does it? We are not talking about blocking RFC1918 traffic here;

I was.

what we
are talking about is blocking traffic where both SA (after NAT) and DA are
public that contains a DNS request for a PTR like 8191CFR.in-addr.arpa,
which requires decapsulating the packet to inspect its content. It's
not that simple.

I don't feel that a lookup for <something>.10.in-addr.arpa is all that wrong. This can be handled in many very reasonable ways, and the usual caching applies. Requests with unroutable sources are wrong because they break the protocol.

Iljitsch
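
The two checks discussed in this message, side by side, as an added example that is not part of the original thread: a source-address test that needs only the IP header (the RFC 2827 case) and a test for PTR queries under RFC 1918 reverse zones, which needs the DNS payload parsed. IPv4 only; the function names, result labels and sample queries are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1918 blocks, listed explicitly (ipaddress.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa"
PTR = 12  # DNS QTYPE for PTR records

def in_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_question(msg):
    """Return (qname, qtype) of the first question in a wire-format DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return ".".join(labels).lower(), qtype

def rfc1918_reverse_name(qname):
    """True if qname (full or partial, e.g. 10.in-addr.arpa) lies in an RFC 1918 block."""
    if not qname.endswith(SUFFIX):
        return False
    octets = qname[:-len(SUFFIX)].split(".")[::-1]  # most significant octet first
    if len(octets) > 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return False
    octets = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return in_rfc1918(".".join(octets))

def classify(src, payload):
    """Header-only check first, then the check that needs the DNS payload."""
    if in_rfc1918(src):
        return "source-unroutable"      # decidable from the IP header alone
    qname, qtype = parse_question(payload)
    if qtype == PTR and rfc1918_reverse_name(qname):
        return "rfc1918-ptr-query"      # only visible after parsing the payload
    return "other"

def build_query(qname, qtype=PTR):
    """Constructed sample input: a minimal one-question DNS query."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)
```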



