lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 17 May 2013 22:09:48 -0400
From: Gary Baribault <gary@...ibault.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: My ISP is routing traffic to private
	addresses...

There is no reason for that, you can use the same address inside as
outside so long as you don't try and reach a 10.0.0.0/8 in their
network, and that should never happen. I have seen some networks where
the inside address range is 192.168.0.0/16 or /8 and the outside is as
well, so long as your trying to reach public ranges beyond the next
outside network it works just fine.

Gary Baribault
Courriel: gary@...ibault.net
GPG Key: 0x685430d1
Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1

On 05/17/2013 04:40 PM, Carl "Thomas" Guething wrote:
> AT&T won't let you use 10.0.0.0/8 <http://10.0.0.0/8> inside your home
> network on their devices for the same reason. You will get an error if
> you try to configure their device with it.
>
>
>
> On Friday, May 17, 2013, sec wrote:
>
>     On 2013-05-17 16:17:35 (-0400), Gary Baribault wrote:
>>     The only problem is that anyone on a cable modem could access
>>     their 10.x.x.x/8 address space and frankly who cares.
>      
>     Me, if they're still not signing (much less encrypting) packets on
>     the local loop, and continuing to wish real hard that no one
>     builds serial or other debug ports—or board headers for same—into
>     "certified" cable modems.
>      
>     I have a Verizon Wireless femtocell with what looks like an HDMI
>     port on the bottom, but *probably* isn't. I've been afraid to
>     experiment, for fear of what I'd find. Embedded device security
>     continues to amuse / terrify.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ