On 2010-04-13 13:21, Hamish MacEwan wrote:
On Mon, Apr 12, 2010 at 11:28, Andy Linton
wrote: In particular, is there a significant level of "leakage" of supposedly private use traffic directed to addresses in 1.0.0.0/8 that leak into the public Internet?
The report on this study is now available at http://www.potaroo.net/studies/1slash8/1slash8.html, and two recommendations are included in this report regarding reservations of particular address blocks and further followup studies.
Interesting, but is there no investigation on the origins of the leakage?
Well, we know that some sites run Net 1 behind a NAT when they should be running an RFC 1918 prefix. We also know that pretty much everbody is configured to drop RFC 1918 destination packets, but since Net 1 is a valid prefix there is no reason to drop it. So the real question is probably: why are packets being sent to addresses that are behind NATs? Shooting from the hip, I would suspect some sort of peer to peer protocol (in the generic sense of peer to peer), where a peer outside the NAT has been given the address of a peer inside the NAT. It would be interesting to know something about the UDP and TCP port numbers involved. Brian