Date:      Fri, 01 Dec 2000 00:01:00 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Bill Fumerola <billf@mu.org>
Cc:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, Igor Roshchin <str@giganda.komkon.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: Danger Ports
Message-ID:  <3A274CAC.840ADD9C@softweyr.com>
References:  <20001130164905.E83422@elvis.mu.org> <200012010607.WAA46736@gndrsh.dnsmgr.net> <20001201003102.I83422@elvis.mu.org>

Bill Fumerola wrote:
> 
> On Thu, Nov 30, 2000 at 10:07:05PM -0800, Rodney W. Grimes wrote:
> 
> > > I wouldn't go as far as BCP.
> >
> > Well, RFC1918, aka BCP5 is pretty darn clear in section 3 paragraph 8:
> >
> >    Because private addresses have no global meaning, routing information
> >    about private networks shall not be propagated on inter-enterprise
> >    links, and packets with private source or destination addresses
> >                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >    should not be forwarded across such links. Routers in networks not
> >           ^^^^^^^^^^^^^^^^^^^^^^^
> >    using private address space, especially those of Internet service
> >    providers, are expected to be configured to reject (filter out)
> >    routing information about private networks. If such a router receives
> >    such information the rejection shall not be treated as a routing
> >    protocol error.
> 
> You're mistaking "should" for "must". RFCs are very anal about pointing out
> the difference between these words. Noncompliance is different than behavior
> deemed suboptimal.

This is a configuration issue as well.  Your ISP may consider their entire
network, including all customers, a private network and dole out 10.x.x.x
addresses to you.  I'd hate to see their NAT tables, unless they're a good
old 6-customer ISP.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

