Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: My ISP is routing traffic to private addresses...

From: Alexander Georgiev <fd () daloo de>
Date: Mon, 20 May 2013 12:00:53 +0200
Because private addresses have no global meaning, routing information
  about private networks shall not be propagated on inter-enterprise
  links, and packets with private source or destination addresses
  should not be forwarded across such links. Routers in networks not
  using private address space, especially those of Internet service
  providers, are expected to be configured to reject (filter out)
  routing information about private networks. If such a router receives
  such information the rejection shall not be treated as a routing
  protocol error.



Am 18. Mai 2013 14:55:08 schrieb Justin Elze <formulals1 () gmail com>:

The idea behind private IP space is it doesn't leave the ISPs AS via BGP to
the rest of the internet.

On the topic of routing if you're router doesn't have a directly connected
route or specific route for 172.x.x.x/whatever it will automatically send
information to the default 0.0.0.0 route.

There could be a number of cases where you had private IP space in front of
a router/wap/whatever.

ISPs use prefix lists on their boarder BGP routers to explicitly allow
which ranges get redistributed to the rest of the internet.


On Sat, May 18, 2013 at 7:41 AM, Kirils Solovjovs <
kirils.solovjovs () kirils com> wrote:

>
>
> On 2013.05.18. 10:34, Alexander Georgiev wrote:
>
>> It is sad, that many people don't understand network basics. BTW, your
>> internet router should not forward rfc1918 addresses to the outside,
>> shouldn't he?
>>
> It should. Private address ranges are not marked "magic cows" inside a
> classical router's firmware.
>
> Still the problem OP is experiencing is strange, since if there is a local
> subnet, it should have a priority local route. Why isn't it there?
>
> Btw, I'd be cautious to state that ISP filter incoming packets with
> dst=private. The limitation here would be that private ranges will usually
> be router upstream, so you can't really get past and internet exchange.
>
> --
> Kirils Solovjovs
>
>
> ______________________________**_________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html> 
> Hosted and sponsored by Secunia - http://secunia.com/
>



--
IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited.   If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: