Re: Odd entries in my Security Router logs

From: Valdis.Kletnieksat_private
Date: Thu Dec 12 2002 - 09:09:38 PST

Next message: HggdH: "Re: Odd entries in my Security Router logs"

Previous message: larosa, vjay: "DNS help"
In reply to: David Gillett: "RE: Odd entries in my Security Router logs"
Next in thread: Valdis.Kletnieksat_private: "Re: Odd entries in my Security Router logs"
Next in thread: James C. Slora Jr.: "Re: Odd entries in my Security Router logs"
Reply: Valdis.Kletnieksat_private: "Re: Odd entries in my Security Router logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Dec 2002 12:59:12 PST, David Gillett <gillettdavidat_private>  said:

>   Reality, therefore, is that packets from these source 
> addresses are seen on the public Internet, and that any
> router/firewall/gateway at a security perimeter should
> drop them.

Close to 30% of the traffic at the root nameservers have sources in RFC1918
space.  This indicates:

1) A lot of systems behind a NAT have broken configurations causing DNS
lookups.

2) The NAT itself is broken allowing the 1918 address to escape.

3) The ISP isn't filtering.

There's a *lot* of stupid configuration out there.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

application/pgp-signature attachment: stored

Next message: HggdH: "Re: Odd entries in my Security Router logs"
Previous message: larosa, vjay: "DNS help"
In reply to: David Gillett: "RE: Odd entries in my Security Router logs"
Next in thread: Valdis.Kletnieksat_private: "Re: Odd entries in my Security Router logs"
Next in thread: James C. Slora Jr.: "Re: Odd entries in my Security Router logs"
Reply: Valdis.Kletnieksat_private: "Re: Odd entries in my Security Router logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 09:26:26 PST