by John McEnro » Mon, 18 Oct 1999 04:00:00
If I have a network like 199.34.39.x, like this:
local network ----| eht0 ROUTER s0|----INET
then I setup my router to allow only the 199.34.39.x addresses thru its eth0
inter-
face and block packets coming in thru its s0 interface from the 199.34.39.x
addresses.
Optionally, you can disable the network and broadcast addresses too.
J.M.
I don't think that this is bad. All of those machines have routes for the
particular networks they know about, then a general "default" route to the
rest of the internet. 192.168.*.* doesn't match any of the specific routes,
so it goes further out. Until it gets to something which is high-level
enough to have no default routes, at which point it's unroutable.
ISPs should be careful to block outgoing advertisements of routes to, well,
any address they don't have allocated to them, which includes the private
network addresses... but I don't see any reason they should have special
routes or blocking for outgoing packets addressed to private network addresses.
Incidentally, re the question of whether an IP address ending in 255 can ever
be a usable address for a machine: It depends on your netmask. A traditional
"class B" network which is not subnetted (i.e. netmask 255.255.0.0) could
have a machine with an IP address with a fourth octet of 255 so long as
the third octet wasn't also 255, although I wouldn't recommend it.
--
very frequently asked questions at
ftp://rtfm.mit.edu/pub/faqs/computer-security/most-common-qs
2. HELP: Setting up account for ftp user
3. perl-hacker != c hacker.. Perl5a8+ binary wanted
6. how to find the total number of open file descriptors per application
7. Please help a confused LINUX wannabe.
8. Is this normal SCSI CD Rom behaviour?
9. Bill who? ...that Linus wannabe?
11. A MUST read article for Linux fans and wannabes.
12. Linus-wannabe? Make a POSIX Real Time OS!!
13. A Linux wannabe