* Andrew Blevins <[EMAIL PROTECTED]> [011031 17:19] wrote:
> I don't feel too ignorant, since this is "Security Basics"! I learn every
> day from this list. However, I think that saying 10.x.x.x, 172.16-31.x.x,
> 192.168.x.x addresses are "non-routable", as many have said, is
> misleading. As far as I understand it, the only thing that makes these
> "non-routable" is if routers and such are configured to make them so. These
> addresses are just as routable as any other address, it's just that RFC 1918
> has standardized them to not be routed.
>       Obviously, any ISP or WAN admin worth a buck is going to use NAT and
> access lists and all that to make sure that none of these addresses exist on
> the internet. 

Yes, routers on the Internet will attempt to route those packets. Even
without access lists and null routes and the like, however, a packet
with a destination address such as 10.198.14.127 is not going to reach
its destination (or any destination with that address) from the vast
majority of hosts on the Internet.  No one on the Internet is going to
(intentionally) advertise routes to the 10.0.0.0/8 block outside of
their own autonomous system (and if they do they won't do it for long).

So if you can't route a packet to a particular destination address, I'd
say it's fair to call that address non-routable on the Internet; the fact
that you can attempt it doesn't really make any difference. You just
have to keep stressing that word "Internet."
--Michael
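
Added example, not part of the original thread: a longest-prefix-match forwarding sketch showing that a packet for 10.198.14.127 is forwarded inside an AS that carries the prefix, handed upstream by a router with only a default route, and dropped where no route or an edge filter applies. The routing tables and next-hop names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def lookup(table, addr):
    """Longest-prefix match: next hop for addr, or None if no route covers it."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def forward(table, addr, filter_rfc1918=False):
    """Decide what a router does with a packet destined for addr."""
    if filter_rfc1918 and is_rfc1918(addr):
        return "dropped: edge filter"
    hop = lookup(table, addr)
    return f"forwarded to {hop}" if hop else "dropped: no route"

# Constructed tables (hypothetical next-hop names).
# Inside one AS, 10.0.0.0/8 is an ordinary prefix with ordinary routes.
INTERNAL = {"10.0.0.0/8": "core1", "10.198.14.0/24": "branch7",
            "0.0.0.0/0": "isp-uplink"}
# A stub router knows only a default route, so it hands everything upstream.
STUB = {"0.0.0.0/0": "isp-uplink"}
# A default-free table holds only advertised public prefixes, no default.
DEFAULT_FREE = {"192.0.2.0/24": "peer-a", "198.51.100.0/24": "peer-b"}

if __name__ == "__main__":
    dst = "10.198.14.127"
    print("internal router:    ", forward(INTERNAL, dst))
    print("stub router:        ", forward(STUB, dst))
    print("default-free router:", forward(DEFAULT_FREE, dst))
    print("filtering edge:     ", forward(STUB, dst, filter_rfc1918=True))
```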
