Security Incidents mailing list archives
Re: Private networks and home.{net|com}
From: raane () WMDATA COM (Andersson, Rasmus)
Date: Tue, 8 Feb 2000 15:13:21 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, there is something you don't completely understand :-) The private nets are not routed on the Internet. A very good example of use for that is link networks, just connecting two or more routers. Besides saving public addresses, it adds some security. In what way does that "destroy the meaning of the concept"? You cannot reach that router, and you have no reason for doing that. But that router can reach you with ICMP messages if need be. Or route your packets. This is why you should not filter ALL packets from private nets, you must let ICMP unreachables and time-exceededs through. Otherwise you will break Path-MTU-discovery. regards Rasmus Andersson WM-data Security Löjtnantsgatan 25 Box 27307, 102 54 Stockholm Tel: 08-459 10 46, 070-535 14 21 Fax: 08-459 10 45 mailto:raane () wmdata com http://www.sec.wmdata.se
-----Original Message----- From: Etaoin Shrdlu [mailto:shrdlu () PACBELL NET] Sent: Tuesday, February 08, 2000 5:52 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Private networks and home.{net|com} So we're looking for a little odd something, and we do a simple traceroute, and what do we see? What the heck are those IP addresses at hops 15, 20, and 21? I thought that those weren't supposed to be passed, and there are three of them in one traceroute. This kind of destroys the meaning of the concept of a "private network," especially if insane numbers like these are going to show up in routing tables. Am I just not understanding something here? <SNIP>
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOKAWeTwhv8twZQJiEQKUdgCeIEgXhqqbp1pQJgRgpX6YS4L8YOAAoPxe dscdKSHSXk0pP92VgcX1Abnj =O0+P -----END PGP SIGNATURE-----
Current thread:
- Re: Private networks and home.{net|com} Sachs, Marcus (Feb 08)
- Re: Private networks and home.{net|com} Rasmus Andersson (Feb 09)
- Re: Private networks and home.{net|com} Pavel Kankovsky (Feb 10)
- <Possible follow-ups>
- Re: Private networks and home.{net|com} Andersson, Rasmus (Feb 08)
- Re: Private networks and home.{net|com} Marc Slemko (Feb 09)
- Re: Private networks and home.{net|com} Sachs, Marcus (Feb 09)
- Re: Private networks and home.{net|com} Rasmus Andersson (Feb 10)
- Re: Private networks and home.{net|com} Jeffrey Papen (Feb 10)
- Re: Private networks and home.{net|com} Jeffrey Papen (Feb 10)
- Re: Private networks and home.{net|com} Rasmus Andersson (Feb 09)