| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 May 2013 12:00:53 +0200
From: Alexander Georgiev <fd@...oo.de>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: My ISP is routing traffic to private
addresses...
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
protocol error.
Am 18. Mai 2013 14:55:08 schrieb Justin Elze <formulals1@...il.com>:
> The idea behind private IP space is it doesn't leave the ISPs AS via BGP to
> the rest of the internet.
>
> On the topic of routing if you're router doesn't have a directly connected
> route or specific route for 172.x.x.x/whatever it will automatically send
> information to the default 0.0.0.0 route.
>
> There could be a number of cases where you had private IP space in front of
> a router/wap/whatever.
>
> ISPs use prefix lists on their boarder BGP routers to explicitly allow
> which ranges get redistributed to the rest of the internet.
>
>
> On Sat, May 18, 2013 at 7:41 AM, Kirils Solovjovs <
> kirils.solovjovs@...ils.com> wrote:
>
> >
> >
> > On 2013.05.18. 10:34, Alexander Georgiev wrote:
> >
> >> It is sad, that many people don't understand network basics. BTW, your
> >> internet router should not forward rfc1918 addresses to the outside,
> >> shouldn't he?
> >>
> > It should. Private address ranges are not marked "magic cows" inside a
> > classical router's firmware.
> >
> > Still the problem OP is experiencing is strange, since if there is a local
> > subnet, it should have a priority local route. Why isn't it there?
> >
> > Btw, I'd be cautious to state that ISP filter incoming packets with
> > dst=private. The limitation here would be that private ranges will usually
> > be router upstream, so you can't really get past and internet exchange.
> >
> > --
> > Kirils Solovjovs
> >
> >
> > ______________________________**_________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html>
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
> for use by the individual or entity to whom it's addressed and may be
> proprietary and/or legally privileged. If you are not the intended
> recipient of this e-mail, you are hereby notified that any dissemination,
> distribution or copying of this email, and any attachments thereto, without
> the prior written permission of the sender is strictly prohibited. If you
> receive this e-mail in error, please immediately telephone or e-mail the
> sender and permanently delete the original copy and any copy of this
> e-mail, and any printout thereof.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists