----- Original Message ----- From: "Cliff Riggs" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "scott [gts]" <[EMAIL PROTECTED]>; "security-basics" <[EMAIL PROTECTED]> Sent: Friday, October 26, 2001 7:57 PM Subject: RE: help - can someone explain this to me?
> Those are spoofed addresses. They could be coming from anyplace. The > idea that the numbers are 'not-routable' is common, but not quite > accurate. The RFC 1918 packets are as routable as any other packet, > otherwise how would a subnetted LAN operate? There are many a routed The idea that they are not routable is half-right. They are not *globally* routable, as RFC1918 states: Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. Thus, in the perfect/hypothetical world where everyone followed RFC1918's suggestions as well as it's requirements, those addresses are not routable, as any router not *on* one of those networks should drop them. And even in the real world, those addresses are not routable back to their real source, as any number of routers in the middle could be using them. --K
