address spoofing

> My outbound access lists block it, so you should never see 1918
> sources coming from me. You should see "* * *" instead, even
> if you don't block them coming in to your net.

I think this sucks big-time. It wouldn't be quite so bad if traceroute
were the only thing that were broken by it (though I do like my
traceroutes to work properly too), but when all ICMP traffic from such a
router is hosed, and one of the links my packets are trying to hop onto
through such a router is down, then I'm a particularly unhappy camper
(if I could see the !H or !N I'd still be unhappy of course, but not

...and I'd certainly like to see my ICMP unreachables which are vital to
path MTU discovery not blocked.

-Phil

[ On Friday, April 23, 1999 at 14:08:55 (-0400), Phillip Vandry wrote: ]

Subject: Re: address spoofing

...and I'd certainly like to see my ICMP unreachables which are vital to
path MTU discovery not blocked.

That'll actually only happen if the router that needs to fragment also
uses RFC1918 addresses on one or more of its ports -- which would be a
totally brain-damaged configuration, to say the least.