Ok, so then when your home pc firewall gives you a report of a portscan from an address from within those ranges despite your not having an intranet how do you find its real source? The proxy server for this cable modem is on the 10.x.x.x range but I have had 192.168.x.x attempts on my pc. I am still not too well versed in TCP/IP but I found this impossible to resolve. Mark
----- Original Message ----- From: "Michael Grice" <[EMAIL PROTECTED]> To: "Andrew Blevins" <[EMAIL PROTECTED]> Cc: "security-basics" <[EMAIL PROTECTED]> Sent: Friday, November 02, 2001 2:27 AM Subject: Re: help - can someone explain this to me? > * Andrew Blevins <[EMAIL PROTECTED]> [011031 17:19] wrote: > > I don't feel too ignorant, since this is "Security Basics"! I learn every > > day from this list. However, I think that saying 10.x.x.x , 172.16-31.x.x > > ,192.168.x.x addressses are "non-routable", as many have said, is > > misleading. As far as I understand it, they only thing that makes these > > "non-routable" is if router's and such are configured to make them so. These > > addresses are just as routable as any other address, its just that RFC 1918 > > has standardized them to not be routed. > > Obviously, any ISP or WAN admin worth a buck is going to use NAT and > > access lists and all that to make sure that none of these addresses exist on > > the internet. > > Yes, routers on the Internet will attempt to route those packets. Even > without access lists and null routes and the like, however, a packet > with a destination address such as 10.198.14.127 is not going to reach > its destination (or any destionation with that address) from the vast > majority of hosts on the Internet. No one on the Internet is going to > (intentionally) advertise routes to the 10.0.0.0/8 block outside of > their own autonomous system (and if they do they won't do it for long). > > So if you can't route a packet to a particular destination address, I'd > say it's fair to call that address non-routable on the Internet; the fact > that you can attempt it doesn't really make any difference. You just > have to keep stressing that word "Internet." > --Michael
