[nsp] 192.168.x.y from upstream
Gert Doering
gert at greenie.muc.de
Mon Mar 10 13:56:09 EST 2003
Hi,
On Mon, Mar 10, 2003 at 02:42:01PM +0300, Rivo Tahina RAZAFINDRATSIFA wrote:
> Why do I receive something from private IP address such as 192.168. from my
> upstream?
Because many ISPs are lazy and do not properly filter packets before
the packets leave their networks.
Proper network management consist of (relating to RFC1918 only):
- don't use RFC 1918 addresses for the ISP backbone networks
(because traceroute and other ICMP responses might end up being
sent with those addresses, which violates RFC 1918)
- filter your customer access lines so that customers can only generate
packets with source IPs that belong to them ("anti-spoofing"), see
also RFC 2827 "Network Ingress Filtering".
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the cisco-nsp
mailing list