We go through this every couple months, and the same conclusion is reached
every time.
The psycho paranoid people like Greg Woods and Eric Hall scream that any
RFC1918 sourced packet on the internet is a sign of the apocalypse, and
you must apply packet filters to stop them from going out and coming in.
Most everyone else just doesn't care, and realizes that yes it's a packet
you won't be able to reply to but the world will not end if a few of them are
floating around on the internet. There is far worse traffic floating about
than an RFC1918 packet because of someone's misconfigured NAT, and they
will probably proceed to FIX IT when they can't communicate with the rest
of the world through it.
Yes sometimes there IS communication from sources where we DO NOT want a
reply back, like the ICMP messages generated by a router. It might be a
better practice to simply put them in a section of allocated but
unannounced IP space to avoid the 1918-nazis, but that's another
story. If you have your own 1918 space and you are worried that there
might be some mysterious conflict, then by all means filter them from your
ingress connection the same way you should filter ALL packets sourced from
your ip space.
Now can we please let it go?
> The psycho paranoid people like Greg Woods and Eric Hall scream
> unannounced IP space to avoid the 1918-nazis, but that's another
> Now can we please let it go?
I'd say from the references above that I'm not the one with "issues."
RFC1918 addresses cause real problems. They are not supposed to be used. It
cannot be made much clearer than that. Choosing to ignore the wishes of
the rest of the Internet community in order to make your own life a little
bit easier is not a question of free will, it is a matter of
selfishness.
Furthermore, if you claim that you have the right to violate spirit and
intent of Internet BCPs then I certainly have the right to complain about
it without being labelled as psycho/paranoid/nazi.
Thanks
[ On Thursday, February 22, 2001 at 17:58:33 (-0500), Richard A. Steenbergen wrote: ]
Subject: Re: rfc 1918?
> The psycho paranoid people like Greg Woods and Eric Hall scream that any
> RFC1918 sourced packet on the internet is a sign of the apocalypse, and
> you must apply packet filters to stop them from going out and coming in.
This is not an issue of paranoia (except for those who actually use
PRIVATE addresses internally and have properly configured their gateways
to be paranoid about even seeing such packets, let alone routing them).
This is an issue of co-operation and inter-networking -- i.e. what the
Internet is all about!
If we are to have PRIVATE address space allocation (i.e. RFC-1918), then
we must never allow PRIVATE addresses to appear in packets that traverse
PUBLIC internetworks (i.e. the big-I Internet).
> The psycho paranoid people like Greg Woods and Eric Hall scream that any
....
> This is not an issue of paranoia (except for those who actually use
> PRIVATE addresses internally and have properly configured their gateways
> to be paranoid about even seeing such packets, let alone routing them).
Also, I find calling people that hold a different opinion than your own
nazi, or psycho, or paranoid distasteful and unprofessional.
--Ariel
Neat. Well, how about we apply your zeal and get packet source address
spoofing sorted out so we at least have a way of tracing broken machines
being used as DoS hosts?
Pretty please? 
Adrian
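
An added example, not part of any message in this thread: the border filtering the thread argues over (dropping RFC1918 sources and your own prefix on ingress, and letting only your own prefix out on egress so spoofed sources cannot leave), written as a decision function. The site prefix, the sample addresses and the name `border_verdict` are assumptions made for illustration, and only IPv4 is modelled.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed site prefix (RFC 5737 documentation range), an assumption.
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def border_verdict(direction, src, site_prefixes=SITE_PREFIXES):
    """Return (action, reason) for an IPv4 packet crossing the site border.

    direction is "ingress" (upstream -> site) or "egress" (site -> upstream).
    """
    addr = ipaddress.ip_address(src)
    ours = _in_any(addr, site_prefixes)
    private = _in_any(addr, RFC1918)
    if direction == "ingress":
        if private:
            return ("drop", "RFC1918 source arriving from upstream")
        if ours:
            return ("drop", "own prefix as source from outside")
        return ("pass", "routable external source")
    if direction == "egress":
        if ours:
            return ("pass", "source inside site prefix")
        if private:
            return ("drop", "RFC1918 source leaking, e.g. traffic that missed NAT")
        return ("drop", "source not in site prefix")
    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample packets: (direction, source address).
SAMPLES = [
    ("ingress", "10.1.2.3"), ("ingress", "198.51.100.7"),
    ("ingress", "203.0.113.9"), ("egress", "198.51.100.7"),
    ("egress", "192.168.1.5"), ("egress", "203.0.113.9"),
]

if __name__ == "__main__":
    for direction, src in SAMPLES:
        action, reason = border_verdict(direction, src)
        print(f"{direction:8} {src:15} {action:5} {reason}")
```

The egress branch is the part that addresses spoofed sources: anything not inside the site prefix is dropped before it reaches the upstream, and RFC1918 leaks fall out as a special case of that rule.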