I've been observing the following:
a. - gateways sending RFC1918 addresses in the inside header (e.g. 192.168.11.0/24)
Unfortunately it is very common. Not only on IPIP tunnels but also on other connections we have (OpenVPN, IPsec tunnels, radio access points). Some weeks ago I mentioned it on the list, the sender claimed he would act on it, but it just continues.
Unfortunately not many users understand iptables well enough to just block invalid traffic on their own gateway and even fewer are actively monitoring their equipment so they would notice they are sending stuff like this and receiving "prohibited" replies all the time :-(
I would recommend amprnet operators starting a network analyzer on your network (like wireshark) every time you have made a configuration change, added some equipment, or just have a few minutes of time to spend. It will teach you a lot and make the other operators happy.
Rob
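The check described in the message above, flagging IPIP packets whose inner header carries an RFC1918 source address, as an added example that is not part of the original thread. The function names are hypothetical, and the sample packets are constructed, with documentation addresses (RFC 5737) standing in for the gateways.

```python
import ipaddress
import struct

# RFC1918 private ranges that should not appear as inner source addresses
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPPROTO_IPIP = 4  # IP-in-IP encapsulation

def parse_ipv4(buf):
    """Return (proto, src, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(buf) < ihl:
        return None
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return buf[9], src, dst, buf[ihl:]

def check_ipip(packet):
    """Return a finding for an IPIP packet with a bad inner header, else None."""
    outer = parse_ipv4(packet)
    if outer is None or outer[0] != IPPROTO_IPIP:
        return None  # not an IPIP tunnel packet
    inner = parse_ipv4(outer[3])
    if inner is None:
        return f"gateway {outer[1]}: truncated or non-IPv4 inner header"
    for net in RFC1918:
        if inner[1] in net:
            return f"gateway {outer[1]}: inner source {inner[1]} is in {net}"
    return None

def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed samples: one leaking 192.168.11.x inside the tunnel, one clean
SAMPLES = [
    build_ipv4("198.51.100.7", "203.0.113.1", IPPROTO_IPIP,
               build_ipv4("192.168.11.20", "203.0.113.9", 17)),
    build_ipv4("198.51.100.8", "203.0.113.1", IPPROTO_IPIP,
               build_ipv4("198.51.100.50", "203.0.113.9", 17)),
]

def scan(packets):
    """Return the findings for every offending packet in the list."""
    return [f for f in map(check_ipip, packets) if f]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLES)))
```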
+1
I would recommend amprnet operators starting a network analyzer on your network (like wireshark) every time you have made a configuration change, added some equipment, or just have a few minutes of time to spend.
Is there an amprnet wiki page with recommendations and notes on just how to do this?
Bill