[nsp] A cause for concern?

From: Gerard N. West (gnwest@yahoo.com)
Date: Sun Aug 20 2000 - 08:09:31 EDT


On our border router, I have an inbound access list
that, among other things, filters incoming packets
with source addresses of private ip numbers. Recent
activity suggest that packets with source addresses
of private ip numbers have been attempting to enter
our
network:
 
deny ip 10.0.0.0 0.255.255.255 any log (134 matches)
 
I have log entries for attempts from 192.168.0.0
255.255.0.0 and 172.16.0.0 255.240.0.0 as well. In a
months time 2500 matches were made from all three
sources. Chances are that theses packets are coming
to us with forged header information (spoofed) and are
getting blocked at our wan filter. Or maybe there is
a broken NAT inplementation somewhere. Although routes
used for Internet traffic are based on the destination
ip of the packet, not the actual source of the packet,
and packets forged in this manner have no return path
to those networks, so any traffic inbound can not
possibly have a return, should I be concerned about
these attempts? Would it be much for ISPs to filter
these routes by source at their distribution or access
layers (not in their core), or wherever they connect
with with customers? Or, with some ISPs is it up to
the "liitle guy" to do the filtering?

=====
Gerard N. West
gnwest@yahoo.com

__________________________________________________
Do You Yahoo!?
Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT