netsec-sig - Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!
Subject: Internet2 Network Security SIG
List archive
- From: Adair Thaxton <>
- To: "" <>
- Subject: Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!
- Date: Fri, 10 May 2019 19:45:01 +0000
Brian Pullin's answer:
The INTERFACE-CONNECTORS are direct connected interfaces and that is the
only thing I was made aware of by Nathan. We can approach peering but it
will be difficult in I2PX(TRCPS). In R&E the peers are mostly controlled
by access list (prefix list) and we do not allow the RFC1918 in to the
prefix list. They would still be able to send RFC1918 packets but not
advertise the address.
This is something we can spend more time on after we fix the connectors.
On 5/10/19 2:43 PM, Michael H Lambert wrote:
>> On 10 May 2019, at 14:15, Adair Thaxton <> wrote:
>>
>> Internet2 will be implementing the new INTERFACE-CONNECTOR filter to
>> block RFC1918 packets being sent via connectors.
>
> Will these filters also be applied to peer interfaces once they are deemed
> stable on connector interfaces?
>
> Michael
>
>
- [Security-WG] Blocking RFC1918 from connectors: It's happening!, Adair Thaxton, 05/10/2019
- Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!, Michael H Lambert, 05/10/2019
- Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!, Adair Thaxton, 05/10/2019
- Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!, Jeff Bartig, 05/10/2019
- Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!, Adair Thaxton, 05/10/2019
- Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!, Michael H Lambert, 05/10/2019
Archive powered by MHonArc 2.6.19.