Yes, I've seen similar behavior.  Reserved address space is dropped by the
backbone routers but not necessarily by ISPs further up the food chain.
Assume you are connected via an ISP that does not drop reserved addresses,
further assume another of the ISP's clients is using the same reserved
address space as you (say the ever popular 10.x.x.x), it is possible for
their packets to leak onto your net.  

Specifically assume an internal host on their net attempts to browse your
web server and that they do not properly translate the reserved address to
a 'public' address, you can see a packet at your web server that 'appears'
to be from an internal host on your network (say source address 10.1.1.1).
Solution, drop packets at your 'front door' router that have a source
address equal to 'your' reserved address space (always a good practice
IMO).  (In fact way back in the stone ages (Stone ages in ITime => ~4-5
years ago) I even saw a RIP packet for 10.1.1.0/24 hit my front door,
ignored, dropped, and logged of course. ;-)


===========================================================================
On Thu, 2 Sep 1999 11:31:59 -0700 Matthew G. Harrigan asked:
I was thinking about private vs. public inet address space the other day,
and it occurred to me that with all the changing of authority with domain
registrars and ip authorities, that some things are bound to get fuddled
in the near future. For instance, right now it is the responsibility of
the nic and a couple other core entities to delegate to the rest of the
root-servers crowd not to route the 10.X's, 192.168.X's etc..., and if
that responsibility expands past these few entities (especially seeing as
how acquisitions are occurring right and left), there is obvious room for
mistakes or confusion. We've all seen what happens when upstream ISPs
fudge the routing tables, but I wonder what the impact would be if one of
the newcomers decided to route 10.0.1.X at the same time another one did.
I believe it's possible that packets could end up on someone else's
private net given the appropriate fudging scenario. So what I'm wondering
is ... among the firewall list folks, has anyone seen any anomalies of
this nature, and if so, what are the responses that stateful inspection
vs. packet filtering give on unexpected WAN behavior?

Matt


Matthew G. Harrigan
CTO, MCR
http://www.mcr.com




Dana Nowell                 Home: mailto:[EMAIL PROTECTED]
Cornerstone Software Inc.   Work: mailto:[EMAIL PROTECTED]    
MIME attachments preferred, BINHEX and uuencoded acceptable.

The opinions above are free, remember you get what you pay for.  
The company doesn't speak for me and I don't speak for them.
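
The front-door rule described in the reply above, sketched as an added example (not code from either poster): packets arriving on the outside interface are dropped and logged when their source address falls in the site's own reserved space. The interface names, the 10.1.1.0/24 internal prefix and the sample packets are constructed assumptions, and the example goes beyond the post by also dropping the other RFC 1918 ranges.

```python
import ipaddress

# Assumption: this site numbers its internal hosts out of 10.1.1.0/24.
INTERNAL_NETS = [ipaddress.ip_network("10.1.1.0/24")]

# RFC 1918 private ranges; none is a legitimate source on the outside interface.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def front_door_verdict(iface, src):
    """Return (action, reason) for a packet seen on iface with source src."""
    if iface != "outside":
        return ("accept", "not an outside-interface packet")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if any(addr in net for net in INTERNAL_NETS):
        return ("drop", "source claims to be one of our internal hosts")
    if any(addr in net for net in RFC1918_NETS):
        return ("drop", "reserved (RFC 1918) source leaked from another network")
    return ("accept", "routable source")


def filter_packets(packets):
    """Apply the verdict to each packet; return (accepted, drop_log)."""
    accepted, drop_log = [], []
    for pkt in packets:
        action, reason = front_door_verdict(pkt["iface"], pkt["src"])
        if action == "drop":
            drop_log.append(f"DROP {pkt['iface']} src={pkt['src']} "
                            f"dport={pkt['dport']}: {reason}")
        else:
            accepted.append(pkt)
    return accepted, drop_log


# Constructed sample traffic (not captured data).
SAMPLE_PACKETS = [
    {"iface": "outside", "src": "10.1.1.1", "dport": 80},      # leaked, looks internal
    {"iface": "outside", "src": "192.168.5.9", "dport": 80},   # leaked, other private range
    {"iface": "outside", "src": "10.200.0.1", "dport": 520},   # stray RIP from a 10.x net
    {"iface": "outside", "src": "198.51.100.7", "dport": 80},  # ordinary outside client
    {"iface": "inside", "src": "10.1.1.20", "dport": 80},      # genuine internal host
]

if __name__ == "__main__":
    for line in filter_packets(SAMPLE_PACKETS)[1]:
        print(line)
```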
  