That Security Now episode I linked to has an entire transcript - might be worth just keyword searching for the relevant section, as it was only a few minutes worth of an hour-plus show answering many different questions.
For many years it used to be that all the routers used 192 by default. I didn't see one use 10. until I bought an Apple router a few years ago. The subnet mask allows you to specify how much of the range is available for your computer. So if you don't expect to need more than 255 unique addresses on your LAN, you tell your computers to use 255.255.255.0 for the subnet mask, meaning that they should keep the first 3 octets fixed and only vary the last one. So applying that subnet mask to 192.168.0.x, that means you will get addresses from 192.168.0.1 all the way to 192.168.0.255. This has the effect of speeding up network traffic. If you were running a much bigger LAN and needed thousands of IP addresses, then you would probbaly use a subnet like 255.255.0.0 which means the network will have 256 x 256 = 65,536 unique addresses. More info: http://compnetworking.about.com/od/workingwithipaddresses/a/subnetmask.htm http://en.wikipedia.org/wiki/Subnetwork --------------------------- Brian Weeden Technical Consultant Secure World Foundation <http://www.secureworldfoundtion.org> +1 (514) 466-2756 Canada +1 (202) 683-8534 US On Mon, Apr 6, 2009 at 8:13 PM, DHSinclair <dsinc...@bellsouth.net> wrote: > Brian, > Thank you for still being around. > Yes, I understand everything you said. > I will again visit your shares, print/save what ever I need and move > forward. > Slowly. > I suppose that the reason I raised my ask initially was to find out why so > many > of our Collective have poo-poo's about using the 10.x.x.x series. > I know that it is a huge (full) range. > But, > When I use it I always use a sub-net mask of 255.255.255.0. > I am still grappling with the the sub-net part. My problem! > Perhaps this is my own stupidity. Sorry List (what's left of it!) Apologize > completely. > There should be "quiet" from me in the next few days as my LAN shakes out. > Thank you. > Duncan > > > At 19:52 04/06/2009 -0400, you wrote: > >> It doesn't matter one bit. 192.x.x.x and 10.x.x.x are private only that >> they are non-routable address ranges. That means by design, any packet >> with >> a 10 or 192 header dropped on the internet will go nowhere. Which is why >> everyone can use them in their internal LAN without needing to reserve >> unique ranges. It also makes for great security, because in the event >> that >> some of your internal LAN traffic does get on the net nobody can do >> anything >> with it. >> >> So changing from 192 to 10 ranges is really only cosmetic. But if you are >> intent on doing it, it shouldn't be too hard. If you are using your >> router >> as a DHCP server, then you should be able to change this fairly simply. >> Somewhere in the router settings should be the ability to specifcy what >> address range the router gives out. Not all routers wil probably support >> this, but I think most will. >> >> If your router doesn't support it, or if you are using static IPs, then >> just >> go to each machine and give it a unique 10.x.x.x address. But make sure >> you >> get them all, otherwise anything left on the old 192 range won't be ablet >> to >> communicate. >> >> For more info, see this page: >> >> http://en.wikipedia.org/wiki/IP_address#IPv4_private_addresses >> >> Or check out the audio/transcript of Security Now! Epsiode 108: >> >> http://www.grc.com/sn/SN-108.htm >> >> --------------------------- >> Brian Weeden >> Technical Consultant >> Secure World Foundation <http://www.secureworldfoundtion.org> >> +1 (514) 466-2756 Canada >> +1 (202) 683-8534 US >> >> >> On Mon, Apr 6, 2009 at 7:28 PM, DHSinclair <dsinc...@bellsouth.net> >> wrote: >> >> > I wish to change the IP series I use on my home LAN. >> > Yes, I believe I know what this involves, but am willing to read >> alternate >> > thoughts. >> > For the past 2 yrs I have been using 192.168.x.x >> > I with to go back to 10.x.x.x. >> > >> > I get way too much external FUTZ trying to get into 192.168.x.x. >> Perhaps I >> > read my logs wrongly. >> > Perhaps. To me, I would like to stop using the [private] series used by >> > most all of the commercial equipment suppliers. >> > Please. Rain on my parade! >> > Thank you, >> > Duncan >> > >> > >> >> __________ NOD32 3990 (20090406) Information __________ >> >> This message was checked by NOD32 antivirus system. >> http://www.eset.com >> > >
