[xmail] Re: Private Ips per RFC 1918 found in glst-lame.dbm ! ?!?

[CLEMENT Francis]

On Tuesday 24 October 2006 15:22, Davide Libenzi wrote:
 On Tue, 24 Oct 2006, CLEMENT Francis wrote:
  Hello
 
  This post is not directly xmail or glst related, but I don't know where
  to post at this time for informations.
 
  Trying to use the content of glst-lame.dbm to generate some local
  blacklist, i noticed that some entries indicate 192.168 private network
!
 
  As my internal network don't use this class B, I don't understand !
 
  Does it means my server was under ip spoofing attacks ?
 
  Does this mean that some weak routers on internet route rfc 1918
subnets
  to me ?

 In theory yes, but the closer the spoofer is to you, the lesser routers
 will have to go through.


Thanks Davide, its exactly what I think

When I first started managing my own internet access, I had rules in my 
firewall to drop any private IPs coming from the outside. I went years 
without a single hit on those rules. I eventually decided it wasn't worth
the 
CPU cycles to check every new connection for impossible packets and deleted

those rules. Maybe I should reconsider...

Jeff

I did the same on my firewalls after considering these subnets could never
reach my network per rfc 1918 statements !
But it seems many Internet connection providers never read rfc's or apply
them correctly :-(
(its so easy to sell expensive options like firewall boxes that will do that
should normally be the basic.)

Now I will reinstall rules for rfc 1918 filtering :(

Francis
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Private Ips per RFC 1918 found in glst-lame.dbm ! ?!?

[Jorn Hass]

We have default rule-set of fire-walling rules per server. Even if the
server is behind a fire-wall itself, we still apply fire-walling on each
server itself. This set includes an RFC set by default.

From experience I can say that the networks bleed a lot of such
traffic all over.

When I asked our network engineers about this, I got various answers
from not wanting to spend 2 minutes to add those ACLs to routers, to
claims that the processing for implementing such ACLs would be too
hefty on the CPUs of the router.

I even had a comment that it's the clients responsibility to do that
filtering, not the core network/edge routers.

In my mind, every router should have a default subset of these filters
on them. End of story. (Unfortunately not...)

What I find even more disturbing is the number of queries for and from
such networks that bleed through to our DNS servers. They obviously
just get rejected outright on the server fire-wall, but they should
never even have gotten there.

Companies that use private sub nets, should use DNS servers with views
to shield the Internet from such queries. I have even seen private
addresses being used in public DNS space. I.E. for MXs...

Wednesday, October 25, 2006, 10:41:58 AM, you wrote:


[snip]

When I first started managing my own internet access, I had rules in my
firewall to drop any private IPs coming from the outside. I went years
without a single hit on those rules. I eventually decided it wasn't worth
 the 
CPU cycles to check every new connection for impossible packets and deleted

those rules. Maybe I should reconsider...

Jeff

 I did the same on my firewalls after considering these subnets could never
 reach my network per rfc 1918 statements !
 But it seems many Internet connection providers never read rfc's or apply
 them correctly :-(
 (its so easy to sell expensive options like firewall boxes that will do that
 should normally be the basic.)

 Now I will reinstall rules for rfc 1918 filtering :(


-- 
Best regards,
 Jornmailto:[EMAIL PROTECTED]

-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]