On Tue, Oct 30, 2001 at 08:29:21AM -0800, Andrew Blevins wrote: [ Quoting reorganized to stop this insane top-posting!]
>> but that does not explain why he is getting hits by non-routable IP
>> addresses..even if they were NATted they would show the NAT external address
>> ..not the internal address
>> and yes 10.x.x.x , 172.16-31.x.x ,192.168.x.x are non-routable (RFC 1918)

> I don't feel too ignorant, since this is "Security Basics"! I learn every
> day from this list. However, I think that saying 10.x.x.x , 172.16-31.x.x
> ,192.168.x.x addresses are "non-routable", as many have said, is
> misleading. As far as I understand it, the only thing that makes these
> "non-routable" is if routers and such are configured to make them so. These

You are partly correct. There is no such thing as a non-routable IP address. That's pretty much the whole point of IP -- to be routed. However, the RFC1918 addresses are not GLOBALLY routable for several distinct reasons:

1. Routers that are configured to follow all of RFC1918 will drop them.

2. These addresses were not allocated to any one entity by the IANA. Therefore, none of the core routers (should) receive BGP announcements for them, and thus have nowhere to send them.

3. Since companies, including network providers and ISPs, are free to use these addresses internally, if a packet headed for those addresses does make it into a network, there's no consistent way to tell where it will end up.

Of these three, only #1 will keep packets that came *from* an RFC1918 address off the Internet. And #1 is not followed by many large companies -- on their core routers for performance reasons, on their border routers for, well, reasons that aren't so clearly good. Nonetheless, they could very easily make it TO their destination, especially if the source is within the same ISP.

> Obviously, any ISP or WAN admin worth a buck is going to use NAT and
> access lists and all that to make sure that none of these addresses exist on
> the internet.

You would be surprised how many extremely clueful and competent admins allow packets sourced from these addresses, intentionally or otherwise, to cross the internet.

--K
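The ingress filter the post calls reason #1, as an added example that is not part of the original thread: it classifies constructed flow records and flags packets arriving on the outside interface with a source in 10/8, 172.16/12 or 192.168/16. The record format (`iface src dst`) and the interface names `ext0`/`int0` are assumptions for illustration.

```python
"""Flag RFC 1918 source addresses seen on an external interface.

Added example (not from the original mailing-list post). It models the
border filter the thread calls reason #1: a router that follows RFC 1918
drops packets whose source lies in 10/8, 172.16/12 or 192.168/16. The
record format and interface names (ext0, int0) are constructed.
"""
import ipaddress
from typing import Dict, List

# The three RFC 1918 blocks named in the thread.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)

def classify(line: str) -> Dict[str, str]:
    """Parse one constructed record 'iface src dst' and decide its fate.

    A private source on the outside interface is the case the thread
    discusses: routable in principle, dropped by a filter that follows RFC 1918.
    """
    iface, src, dst = line.split()
    if iface == "ext0" and is_rfc1918(src):
        verdict = "drop: rfc1918 source on external interface"
    elif iface == "int0" and is_rfc1918(src):
        verdict = "allow: private source on internal interface (NAT expected)"
    else:
        verdict = "allow"
    return {"iface": iface, "src": src, "dst": dst, "verdict": verdict}

# Constructed sample records: interface, source, destination.
SAMPLE_LOG = [
    "ext0 10.1.2.3 203.0.113.10",      # private source from the Internet side
    "ext0 172.31.255.1 203.0.113.10",  # still inside 172.16/12, so private
    "ext0 172.32.0.1 203.0.113.10",    # just past 172.16/12: public space
    "ext0 198.51.100.7 203.0.113.10",  # ordinary public source
    "int0 192.168.0.5 198.51.100.7",   # LAN host heading out; NAT rewrites it
]

def flagged_sources(lines: List[str]) -> List[str]:
    """Return the sources an RFC 1918 ingress filter would have dropped."""
    return [r["src"] for r in (classify(l) for l in lines)
            if r["verdict"].startswith("drop")]

if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(rec, "->", classify(rec)["verdict"])
```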
