> private addresses routed to or addressed to outside of your local > address and boarder gateways SHOULD filter out anything that has a > source address of a private address space, but, baring "policy routing", > stock routing does not take the source address into consideration in > the routing tables. Lack of filtering? Maybe... Debatable. > Hopelessly messed up routing tables? Not. Invalid configuration - yes. Since ICMP's from the bogus 10.* addresses might be important ones that you screen (path mtu for example). Also you have to block external 10.* traffic if you are using 10.* internally as you may get errors on your network caused by beliving an ICMP redirect escaped from their net