Date:      Tue, 18 Aug 1998 06:35:41 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        jaitken@dimension.net
Cc:        sthaug@nethelp.no, girgen@partitur.se, freebsd-security@FreeBSD.ORG
Subject:   Re: private network on router's external NIC? 
Message-ID:  <738.903414941@critter.freebsd.dk>
In-Reply-To: Your message of "Mon, 17 Aug 1998 20:18:14 EDT." <199808180018.UAA14592@gizmo.dimension.net> 

In message <199808180018.UAA14592@gizmo.dimension.net>, Jeff Aitken writes:
>sthaug@nethelp.no writes:
>> > Makes sense to me. So, how do these ip numbers get out on the Internet?
>> > How do they get routed anywhere; they're supposed to be private?
>
>Those addresses are only private because we all consider them to be.
>There's nothing stopping an ISP from telling the world "The
>10.0.0.0/8 network is reachable via ME!".  Hell, there have been
>people who have announced "Hey, the ENTIRE INTERNET is reachable
>through ME!". ;-)

But any moderately experienced BGP-gaffer will know not to accept any
routes for:

	neighbor x.x.x.x distribute-list 4 in

	! Standard ACL 4, applied inbound on the BGP session. As a distribute-list
	! it is matched against each route's network address only (not the prefix
	! length): first matching entry wins. An address with no wildcard, as in
	! the first line, is an exact match, so it catches the default route.
	access-list 4 deny   0.0.0.0
	access-list 4 deny   10.0.0.0 0.255.255.255
	access-list 4 deny   172.16.0.0 0.0.15.255
	access-list 4 deny   192.168.0.0 0.0.255.255
	access-list 4 deny   127.0.0.0 0.255.255.255
	! Your own prefixes, written as network plus wildcard (inverse) mask.
	access-list 4 deny   <mynet0> <mynetmask0>
	access-list 4 deny   <mynet1> <mynetmask1>
	access-list 4 deny   <mynet2> <mynetmask2>
	! Every IOS ACL ends in an implicit "deny any"; without this final line
	! the distribute-list would reject every route the neighbor sends.
	access-list 4 permit any

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?738.903414941>