> now as to who's responsible, first off you have to understand that we block
> rfc1918-sourced packets at our AS boundary. (otherwise these numbers would
> be Much Higherare you sure? i suspect they are windows 2000 systems behind NATs. so
the dynamic update is for the 1918 address, but the packet source address
has been natted into real space.
according to our border flow stats, not all of them get nat'd on the way here.
now as to who's responsible, first off you have to understand that we
block rfc1918-sourced packets at our AS boundary. (otherwise these
numbers would be Much Higherare you sure? i suspect they are windows 2000 systems behind NATs. so
the dynamic update is for the 1918 address, but the packet source address
has been natted into real space.according to our border flow stats, not all of them get nat'd on the way
here.
we already knew nats were broken.
but i still believe that win2k behind nats probably explain most of the
data behind the updates for 1918 space from non-1918 ip source addresses.
randy
We find that updates in the forward zones are a great way of tracking
laptops, btw, as nobody ever changes the 'domain' or whatever it is called
in Windows.
So you see these updates coming in from everywhere the laptop goes.
Regards,
bert hubert