[Dshield] Spam Problem - RFC1918 Comment

David Sentelle David.Sentelle at cnbcbank.com
Tue Jan 13 14:12:20 GMT 2004


My mail (poor) program won't let me neatly comment inline, my
apologies.

Yes, your ISP's network isn't technically 'the internet'...  but to
YOUR network, for all intents and purposes it should be considered the
internet, and not trusted.  Therefore your ISP is within the RFCs in
routing that traffic.  

You still need to be aware that those addresses ARE routable, but
should not be allowed inside from outside & vice-versa.   

Sorry about misspeaking regarding the ISP's equipment not taking
address space, I should've said 'global' address space, as that's what I
meant.


Date: Mon, 12 Jan 2004 17:00:41 -0500
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
Subject: Re: [Dshield] Spam Problem - RFC1918 Comment
To: General DShield Discussion List <list at dshield.org>

Non-routable on the Internet. Your ISP's network is NOT the Internet.

Two issues here.
1) Again, private address space can route on any private network --
such as your ISP's network.
2) It is common to see incoming traffic originating from private
address space, even on direct connections to the Internet. Why? Two
reasons:
   a) A lot of private networks are leaky and these addresses end up on
the Internet when they should have been blocked by the source's firewall
or NAT device. (Search the archives for my posting last year on blocking
such traffic.)
   b) Various miscreants use RFC 1918 addresses to initiate DOS/DDOS
attacks because they are almost impossible to trace to their real source.
They also use other reserved or unallocated addresses because few
firewalls block such addresses. (Again, find my old posting for more
details.)

Does not use GLOBAL address space. It still takes up PRIVATE address
space.

Nothing in the RFCs says they should. (I would argue that ISPs should
block all bogus traffic, but this group has already had that discussion
MANY times, and let's not rehash it again now.) All the RFCs say is that
anyone is free to use those addresses on their private network, but
systems on the Internet cannot connect to systems with private addresses
because there is no way to route data to a non-unique address.

Again, the addresses are valid on a private network -- your ISP's
network. Some ISPs (esp. those still running dial-up connections) use
private address space for ALL their DHCP-ed users and simply NAT/PAT it
for connections to resources not on the ISP's private network.

Hope things are a little clearer now...
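A small filter modelling the rule both posters agree on: RFC 1918 addresses route on the ISP's private network, but that network is the outside from your perspective, so no such address should cross your own perimeter in either direction. This is an added example, not code from the thread; the "in"/"out" direction convention and the sample flow records are constructed assumptions.

```python
"""RFC 1918 perimeter filter (added example, not code from the thread).
Private addresses route on the ISP's network, but that network is still the
outside from your perspective, so none may cross your perimeter either way.
Checks model the Internet-facing interface, after NAT for outbound traffic."""
import ipaddress
from typing import List, Tuple

# The three RFC 1918 blocks: legitimate inside a private network, never across it.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def perimeter_verdict(direction: str, src: str, dst: str) -> Tuple[str, str]:
    """Classify one flow on the outside interface; direction is "in" or "out".
    A private source arriving inbound is leaked or spoofed; a private source
    leaving outbound means NAT was bypassed (a "leaky" network); a private
    destination can never be delivered across the Internet in either direction."""
    if is_rfc1918(src):
        return "drop", ("inbound private source: leaked or spoofed" if direction == "in"
                        else "outbound private source: NAT bypassed")
    if is_rfc1918(dst):
        return "drop", "private destination: not deliverable across the Internet"
    return "accept", "global addresses at both ends"


def filter_flows(flows: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return the flows the perimeter should drop, each with its reason."""
    dropped = []
    for direction, src, dst in flows:
        verdict, reason = perimeter_verdict(direction, src, dst)
        if verdict == "drop":
            dropped.append((direction, src, dst, reason))
    return dropped


# Constructed sample flows; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    ("in", "198.51.100.7", "203.0.113.10"),   # inbound from a global address: accept
    ("in", "10.1.2.3", "203.0.113.10"),       # private source from the ISP side: drop
    ("out", "203.0.113.10", "198.51.100.7"),  # normal NATed outbound: accept
    ("out", "203.0.113.10", "192.168.0.1"),   # private destination leaving: drop
    ("out", "172.16.5.9", "198.51.100.7"),    # un-NATed private source leaking: drop
]
```

Running `filter_flows(SAMPLE_FLOWS)` returns the three offending flows with their reasons; the same three checks map directly onto ingress and egress ACL entries on the border device.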