Ingress Filtering for Multihomed Networks https://datatracker.ietf.org/doc/html/rfc3704

Japanese: the accuracy of the translation cannot be guaranteed

https://www5d.biglobe.ne.jp/~stssk/rfc/rfc3704j.html

"Martian Address" - an address that is reserved [3], including any address within 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, or 240.0.0.0/4.

2.1.  Ingress Access Lists

An Ingress Access List is a filter that checks the source address of every message received on a network interface against a list of acceptable prefixes, dropping any packet that does not match the filter.

While this is by no means the only way to implement an ingress filter, it is the one proposed by RFC 2827 [1], and in some sense the most deterministic one.
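
An added example, not part of RFC 3704 or of this wiki page: a minimal Python model of a per-interface Ingress Access List that also flags the martian prefixes listed above. The interface name `cust0`, the customer prefixes (documentation ranges) and the sample source addresses are constructed, and checking martians before the prefix list is an assumption made here to give more specific drop reasons.

```python
import ipaddress

# Martian prefixes exactly as listed in the definition quoted above.
MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


class IngressAccessList:
    """Per-interface filter: a packet passes only if its source address
    falls inside one of the prefixes expected on that interface."""

    def __init__(self, interface, acceptable_prefixes):
        self.interface = interface
        self.acceptable = [ipaddress.ip_network(p) for p in acceptable_prefixes]

    def check(self, src):
        """Return (verdict, reason) for one source address string."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return ("drop", "unparseable source")
        if addr.version != 4:
            return ("drop", "not IPv4 (this example covers IPv4 only)")
        # Assumption of this example: report martians separately so the
        # drop reason in logs is more specific than "no match".
        for net in MARTIANS:
            if addr in net:
                return ("drop", f"martian {net}")
        for net in self.acceptable:
            if addr in net:
                return ("accept", f"matches {net}")
        return ("drop", "source not in acceptable prefixes")


def summarize(acl, sources):
    """Count verdicts for a batch of source addresses."""
    counts = {"accept": 0, "drop": 0}
    for src in sources:
        counts[acl.check(src)[0]] += 1
    return counts


# Constructed sample: a multihomed customer holding two prefixes.
CUSTOMER_ACL = IngressAccessList("cust0", ["192.0.2.0/24", "198.51.100.0/24"])
SAMPLE_SOURCES = ["192.0.2.10", "198.51.100.7", "203.0.113.5",
                  "10.1.2.3", "224.0.0.5", "not-an-ip"]

if __name__ == "__main__":
    for s in SAMPLE_SOURCES:
        print(CUSTOMER_ACL.interface, s, *CUSTOMER_ACL.check(s))
    print(summarize(CUSTOMER_ACL, SAMPLE_SOURCES))
```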

RFC 2827

1. history

3.2. Ingress Filtering to Protect Your Own Infrastructure

However, unless ingress filtering (or at least, a limited subset of it) has been deployed at every border (towards the customers, peers and upstreams) -- blocking the use of your own addresses as source addresses -- the attackers may be able to circumvent the protections of the infrastructure gear.

Therefore, by deploying ingress filtering, one does not just help the Internet as a whole, but protects against several classes of threats to your own infrastructure as well.



MoinQ: RFC/3704 (last edited 2024-06-20 07:42:14 by ToshinoriMaeno)