Penetration Testing mailing list archives

Re: [PEN-TEST] advertising private IP numbers?


From: Philipp Buehler <lists () fips de>
Date: Fri, 22 Dec 2000 13:29:13 +0100

On 22/12/2000, securitygeek () HUSHMAIL COM <securitygeek () HUSHMAIL COM> wrote To PEN-TEST () SECURITYFOCUS COM:
Below is part of traceroute that I grabbed... Is it normal to advertise
non-routable/internal IP's like this? If it isn't, what mischief can be made
easier to accomplish when this is done?

 18    80 ms   100 ms    80 ms  bb1-pos3-0-0.rdc1.va.home.net [24.7.73.110]
 19   100 ms   140 ms   110 ms x.x.x.home.net [24.x.x.x]
 20    81 ms    90 ms   150 ms  10.252.60.6
 21   331 ms   320 ms   411 ms  192.168.0.98
 22   190 ms   160 ms    90 ms  x.x.x.253
 23   150 ms   191 ms   140 ms  x.x.x.10

Most likely these are transfer-nets numbered w/ RFC1918 space.
Not the practice, but a possibility if you can't have unnumbered
links and have not enough official IP space to split a transfer net
out.
I use this sometimes also for temporary connects, but I suppress
traceroute packets via ACL, so you won't "see" it :>

ciao
--
Philipp Buehler, aka fIpS | sysfive.com GmbH | BOfH | NUCH | <double-p>
%SYSTEM-F-TOOEARLY, please contact your sysadmin at a sensible time.
Artificial Intelligence stands no chance against Natural Stupidity.
           [X] <-- nail here for new monitor
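
An added example, not part of the original post or thread: a small Python check that labels each hop of a traceroute as public, RFC 1918, or unparsed, run here over the hop lines quoted in the message above. The function names are chosen for this illustration, and it assumes the Windows-style layout shown in the post, where the address is the last field on the line.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hop lines copied from the traceroute quoted in the post above.
SAMPLE = """\
 18    80 ms   100 ms    80 ms  bb1-pos3-0-0.rdc1.va.home.net [24.7.73.110]
 19   100 ms   140 ms   110 ms x.x.x.home.net [24.x.x.x]
 20    81 ms    90 ms   150 ms  10.252.60.6
 21   331 ms   320 ms   411 ms  192.168.0.98
 22   190 ms   160 ms    90 ms  x.x.x.253
 23   150 ms   191 ms   140 ms  x.x.x.10
"""

def rfc1918_block(token):
    """Return the RFC 1918 block containing token, or None if public/unparseable."""
    try:
        addr = ipaddress.IPv4Address(token)
    except ValueError:
        return None
    return next((str(n) for n in RFC1918 if addr in n), None)

def classify_path(text):
    """Return a list of (hop, address token, label), one entry per hop line."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # header or blank line
        token = fields[-1].strip("[]")  # address is the last field, maybe bracketed
        try:
            ipaddress.IPv4Address(token)
        except ValueError:
            label = "unparsed"  # redacted octets, "*" timeouts, hostname only
        else:
            label = "rfc1918" if rfc1918_block(token) else "public"
        out.append((int(fields[0]), token, label))
    return out

def private_hops(text):
    """Return (hop, address, containing block) for every RFC 1918 hop."""
    return [(hop, tok, rfc1918_block(tok))
            for hop, tok, label in classify_path(text) if label == "rfc1918"]

if __name__ == "__main__":
    for hop, tok, block in private_hops(SAMPLE):
        print(f"hop {hop}: {tok} is inside {block}")
```

Redacted hops such as `x.x.x.253` are reported as unparsed rather than guessed at, so the private segment is only as precise as the capture allows.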
