Assuming the 192.168 address was the source, remember that routing decisions are made on the destination address, not the source. Routing will not prevent a packet with a private source IP from traversing the Internet, but it will almost certainly stop any return packet from making it back to the originator.
Another explanation for these addresses being seen on the Internet is that ISPs sometimes use them internally, so if you do a traceroute which passes through such an ISP's network you will see some of the intermediate hops come up as 192.168, 172.16 or 10 addresses. However, you will not be able to send packets to these hosts, unless it is your own ISP (even then you/they should be filtering such packets).

----- Original Message -----
From: Joe Brown <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 17, 2002 00:50
Subject: RFC 1911 IPs in my firewall logs

> Hello all,
>
> Reviewing my home office firewall logs, I noticed an
> entry in which someone tried to connect to my
> external interface with an IP of 192.168.50.xx. I
> assume it's a spoofed address, but I just don't know
> how they got it to traverse the Internet? How can that
> be routed?
>
> Thanks.
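
Added example, not part of the original messages: a toy model of the reply's point that forwarding consults only the destination address, so a packet with a private source is delivered while the reply to it has no route back, and of the edge filtering the reply recommends. The forwarding table, peer names and all addresses are constructed for illustration.

```python
import ipaddress

# Private ranges named in the reply above (RFC 1918 space).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed forwarding table for a hypothetical Internet core router:
# public prefixes only, no default route, no private prefixes.
CORE_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "peer-A",
    ipaddress.ip_network("203.0.113.0/24"): "peer-B",
    ipaddress.ip_network("203.0.113.128/25"): "peer-C",
}

def next_hop(table, dst):
    """Longest-prefix match on the destination only; None means no route."""
    dst = ipaddress.ip_address(dst)
    matches = [net for net in table if dst in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

def is_private(addr):
    """True if addr falls in one of the private ranges."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in PRIVATE_NETS)

def trace(src, dst, table=CORE_TABLE, ingress_filter=False):
    """Return the fate of a packet and of the reply it would provoke."""
    if ingress_filter and is_private(src):
        return {"forward": "dropped by ingress filter", "reply": None}
    hop = next_hop(table, dst)  # the source address is never consulted
    reply_hop = next_hop(table, src) if hop else None
    return {"forward": hop, "reply": reply_hop}

if __name__ == "__main__":
    # Private source, public destination: delivered, but the reply is unroutable.
    print(trace("192.168.50.10", "203.0.113.200"))
    # Same packet with source filtering at the edge: never gets in.
    print(trace("192.168.50.10", "203.0.113.200", ingress_filter=True))
    # Ordinary public source: both directions have a route.
    print(trace("198.51.100.7", "203.0.113.20"))
```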