|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Private networks and home.{net|com}
From: Pavel Kankovsky (peak
ARGO.TROJA.MFF.CUNI.CZ)Date: Thu Feb 10 2000 - 05:35:50 CST
- Next message: Roderick Padilla: "Re: [UPDATE]Dos Trojan on Solaris"
- Previous message: JF Prieur: "port 20056"
- In reply to: Rasmus Andersson: "Re: Private networks and home.{net|com}"
- Next in thread: Andersson, Rasmus: "Re: Private networks and home.{net|com}"
- Reply: Pavel Kankovsky: "Re: Private networks and home.{net|com}"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 9 Feb 2000, Rasmus Andersson wrote:
> It's perfectly legal (and in many ways good) to use those addresses on
> link networks, and filtering out ALL traffic from such addresses is a
> therefore a Bad Idea(tm). In particular, you MUST let ICMP Unreachable -
> Fragmentation Needed through to not damage path-MTU discovery. IMHO you
> should let any ICMP Unreachables through as well as Time Exceeded.
I might have a very good reason not to allow any RFC-1918-address
originated datagrams from outside: I might be using these addresses
myself in my internal network. Why should I allow anyone to spoof
internal traffic of any kind?
IMHO, it is a Bad Idea(tm) to allow a PRIVATE address to appear in a
PUBLIC network! And people who do it are messing things up themselves.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- Next message: Roderick Padilla: "Re: [UPDATE]Dos Trojan on Solaris"
- Previous message: JF Prieur: "port 20056"
- In reply to: Rasmus Andersson: "Re: Private networks and home.{net|com}"
- Next in thread: Andersson, Rasmus: "Re: Private networks and home.{net|com}"
- Reply: Pavel Kankovsky: "Re: Private networks and home.{net|com}"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]