From owner-freebsd-security Mon Aug 17 17:19:08 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA26959 for freebsd-security-outgoing; Mon, 17 Aug 1998 17:19:08 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gizmo.dimension.net (gizmo.dimension.net [209.12.7.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA26940 for ; Mon, 17 Aug 1998 17:19:01 -0700 (PDT) (envelope-from jaitken@dimension.net)
Received: (from jaitken@localhost) by gizmo.dimension.net (8.8.8/8.8.8) id UAA14592; Mon, 17 Aug 1998 20:18:14 -0400 (EDT)
From: Jeff Aitken
Message-Id: <199808180018.UAA14592@gizmo.dimension.net>
Subject: Re: private network on router's external NIC?
In-Reply-To: <6847.903394909@verdi.nethelp.no> from "sthaug@nethelp.no" at "Aug 18, 98 01:01:49 am"
To: sthaug@nethelp.no
Date: Mon, 17 Aug 1998 20:18:14 -0400 (EDT)
Cc: girgen@partitur.se, freebsd-security@FreeBSD.ORG
Reply-to: jaitken@dimension.net
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

sthaug@nethelp.no writes:
> > Makes sense to me. So, how do these IP numbers get out on the Internet?
> > How do they get routed anywhere; they're supposed to be private?

Those addresses are only private because we all consider them to be.
There's nothing stopping an ISP from telling the world "The 10.0.0.0/8
network is reachable via ME!". Hell, there have been people who have
announced "Hey, the ENTIRE INTERNET is reachable through ME!". ;-)
What's stopping them is the fact that *most* people won't route to
private network addresses.

> Routing is normally done on *destination* address, so a *source* address
> within the RFC 1918 address ranges is irrelevant to routing.
>
> There are several reasons why such packets show up, e.g.:
>
> - ISPs with the (bad) idea that they can use RFC 1918 for their internal
>   network links, because (supposedly) the addresses won't get out. Guess
>   what happens when you do a traceroute along one of these paths?

Not to get off topic, but using private addresses for internal network
links doesn't necessarily cause them to be advertised. If this guy is
seeing attempted connections to WWW servers, they're not the result of
someone running a traceroute. Only improperly configured routers (and
less-than-clueful upstream providers) cause these networks to be
advertised. I'm not defending the improper use of private network
numbers, but it takes more than that to account for the observed
behavior.

--Jeff
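As an added illustration of the point made above (this is example code, not anything from the thread): a forwarding decision made purely on the destination address passes every packet below, because every destination is public; it is the separate source-address check, the filtering that "most people" apply, that actually drops the RFC 1918 traffic. The log format and all addresses are constructed for the example.

```python
import ipaddress
import re

# RFC 1918 ranges: the addresses the thread says "most people won't route".
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)

# Constructed connection-log sample (hypothetical format, not a real log).
# Every destination is the same public web server; only the sources vary.
SAMPLE_LOG = """\
1998-08-17T20:10:01 src=10.5.5.5 dst=203.0.113.10 dport=80
1998-08-17T20:10:02 src=198.51.100.7 dst=203.0.113.10 dport=80
1998-08-17T20:10:03 src=192.168.1.20 dst=203.0.113.10 dport=80
1998-08-17T20:10:04 src=172.31.0.9 dst=203.0.113.10 dport=80
1998-08-17T20:10:05 src=172.32.0.9 dst=203.0.113.10 dport=80
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+)")

def destination_routable(dst):
    """What a plain forwarding lookup sees: the destination, nothing else."""
    return not is_rfc1918(dst)

def ingress_filter(log_text):
    """Return one (src, dst, action) tuple per log line.

    Destination-only forwarding would pass every sample line. The extra
    source check is what drops packets from RFC 1918 space, whose replies
    could never be routed back anyway.
    """
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the constructed format
        src, dst = m.group("src"), m.group("dst")
        if not destination_routable(dst):
            action = "drop-unroutable-dst"
        elif is_rfc1918(src):
            action = "drop-private-src"
        else:
            action = "forward"
        results.append((src, dst, action))
    return results
```

Note that 172.32.0.9 is forwarded: 172.16.0.0/12 ends at 172.31.255.255, a boundary that hand-written filters often get wrong.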