Date:      Mon, 24 Jul 2000 15:54:50 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        bartequi@inwind.it (Salvo Bartolotta)
Cc:        dmartin@origen.com (Richard Martin), freebsd-security@FreeBSD.ORG
Subject:   Re: Problems with natd and simple firewall
Message-ID:  <200007242254.PAA49471@gndrsh.dnsmgr.net>
In-Reply-To: <20000724.23345600@bartequi.ottodomain.org> from Salvo Bartolotta at "Jul 24, 2000 11:34:56 pm"

If you wish to make yourself even sicker, run an ndc dump and
grovel through the file for RFC1918 addresses.  It is sites
not knowing how to do split DNS that are leaking RFC1918
addresses into DNS that is causing some of these that we see
cross our border routers (And yes, we have an AS
policy that filters all RFC1918 src and dst addresses at all
borders, up and down stream.)

Here is a day's worth of counts from one router:
00400      441      67618 deny log logamount 100 ip from 10.0.0.0/8 to any
00400        8       7746 deny log logamount 100 ip from 172.16.0.0/12 to any
00400       13        898 deny log logamount 100 ip from 192.168.0.0/16 to any
00500        5        294 deny log logamount 100 ip from any to 10.0.0.0/8
00500        4        242 deny log logamount 100 ip from any to 172.16.0.0/12
00500       53       2417 deny log logamount 100 ip from any to 192.168.0.0/16

> 
> On 7/25/00, 12:18:04 AM, Richard Martin <dmartin@origen.com> wrote 
> regarding Re: Problems with natd and simple firewall:
> 
> 
> > On the other hand, I do see packets hitting the other inbound RFC 1918
> > filters from time to time.  Someone should have a talk with those routers...
> > A low level concern, but still a concern
> 
> 
> <ME TOO>I have regularly (maybe I should say "systematically") been 
> logging RFC-1918-spoofed packets coming through my ISP in the past few 
> months.</ME TOO>
> 
> I have also been using a closed (stateful) packet filter. 
> 
> 
> 
> Needless to say, I phoned my ISP "technicians"; I also sent mail, but 
> I still regularly see those packets almost every day. What's more, 
> this is, er, a big national (!) ISP in my country.
> 
> The (IPv4) 'Net may be insecure by ... definition, but this kind of 
> thoughtlessness seems to me even worse.  
> 
> Best regards,
> Salvo

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
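Two checks follow from the message above: tallying the RFC1918 hits on a border router's deny rules, and grovelling through a name server dump for private addresses that have leaked into public DNS. The script below is an added example, not code from the message or from FreeBSD; it parses the ipfw counter lines quoted above (rule number, packet count, byte count, rule body) and scans a constructed master-file-format zone excerpt of the kind a named dump contains. The function names, the "spoofed-source"/"leaked-destination" labels and the example.net records are assumptions made for the illustration.

```python
import ipaddress
import re

# The three RFC 1918 ranges matched by the ipfw rules quoted in the message.
RFC1918_BLOCKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def rfc1918_block(text):
    """Return the RFC 1918 block containing `text` (an address or CIDR), else None.

    ipfw writes the wildcard as "any", which is never private.  Raises ValueError
    for anything that is not an IP address or network (e.g. a hostname).
    """
    if text == "any":
        return None
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 4:
        return None
    for block in RFC1918_BLOCKS:
        if net.subnet_of(block):
            return block
    return None


# "<rule> <packets> <bytes> <action ...> from <src> to <dst>", as printed with counters.
COUNTER_RE = re.compile(
    r"^(?P<rule>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<body>.+?)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)


def parse_ipfw_counters(lines):
    """Keep the counter lines whose source or destination lies in RFC 1918 space."""
    hits = []
    for line in lines:
        m = COUNTER_RE.match(line.strip())
        if not m:
            continue
        try:
            src_block = rfc1918_block(m["src"])
            dst_block = rfc1918_block(m["dst"])
        except ValueError:  # hostname or keyword in the rule: nothing to classify
            continue
        if src_block is None and dst_block is None:
            continue
        hits.append({
            "rule": int(m["rule"]),
            "packets": int(m["pkts"]),
            "bytes": int(m["bytes"]),
            # private source: a packet that should never have crossed a border;
            # private destination: a reply to one (often to a leaked private A record)
            "kind": "spoofed-source" if src_block else "leaked-destination",
            "block": str(src_block or dst_block),
        })
    return hits


def totals_by_kind(hits):
    """Aggregate packet and byte counts per kind: {kind: (packets, bytes)}."""
    totals = {}
    for h in hits:
        p, b = totals.get(h["kind"], (0, 0))
        totals[h["kind"]] = (p + h["packets"], b + h["bytes"])
    return totals


def find_rfc1918_records(zone_lines):
    """Scan master-file-format lines (as in a named dump) for A records in RFC 1918 space."""
    leaks = []
    for raw in zone_lines:
        tokens = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(tokens) < 3:
            continue
        for i in range(1, len(tokens) - 1):  # position 0 is the owner name
            if tokens[i] != "A":
                continue
            try:
                block = rfc1918_block(tokens[i + 1])
            except ValueError:
                break
            if block is not None:
                leaks.append((tokens[0], tokens[i + 1], str(block)))
            break
    return leaks


# Counter lines copied from the message above (one day on one border router).
IPFW_COUNTERS = """\
00400      441      67618 deny log logamount 100 ip from 10.0.0.0/8 to any
00400        8       7746 deny log logamount 100 ip from 172.16.0.0/12 to any
00400       13        898 deny log logamount 100 ip from 192.168.0.0/16 to any
00500        5        294 deny log logamount 100 ip from any to 10.0.0.0/8
00500        4        242 deny log logamount 100 ip from any to 172.16.0.0/12
00500       53       2417 deny log logamount 100 ip from any to 192.168.0.0/16
""".splitlines()

# Constructed zone-dump excerpt (not from the message); example.net is a documentation domain.
ZONE_DUMP = """\
$ORIGIN example.net.
example.net.          3600 IN SOA  ns1.example.net. hostmaster.example.net. 2000072401 3600 900 604800 300
www.example.net.      3600 IN A    203.0.113.10
intranet.example.net.  300 IN A    10.0.0.5      ; belongs in the internal view only
printer.example.net.   300 IN A    192.168.1.10
ns1.example.net.      3600 IN AAAA 2001:db8::53
""".splitlines()

if __name__ == "__main__":
    hits = parse_ipfw_counters(IPFW_COUNTERS)
    for kind, (pkts, nbytes) in sorted(totals_by_kind(hits).items()):
        print(f"{kind:18} {pkts:6d} packets {nbytes:8d} bytes")
    for owner, addr, block in find_rfc1918_records(ZONE_DUMP):
        print(f"leaked private A record: {owner} -> {addr} ({block})")
```

Run against the quoted counters it reports 462 packets with a private source and 62 with a private destination for the day; the zone scan flags the two names that resolve into 10/8 and 192.168/16 and would belong only in an internal view of a split DNS setup.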
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007242254.PAA49471>