Port Scan

Matthew Hawkins matthew at topic.com.au
Fri Oct 12 09:55:20 EST 2001


On Fri, 12 Oct 2001, Rasjid wrote:
> Hop 20: I didn't think that 192.168.17.1 was a routable address, or have
> I misunderstood something?  Or is this a case of IP spoofing in the act?

The RFC 1918 reserved ip ranges are not some magic unroutable numbers.
It's up to individual "enabled" people to configure their routers to
drop packets destined to or from those networks.

It's not actually a violation of the RFC to route via interfaces with
these addresses, "we advise caution when proceeding in this area" and
"It is strongly recommended that routers which connect enterprises to
external networks are set up with appropriate packet and routing filters
at both ends of the link in order to prevent packet and routing
information leakage. An enterprise should also filter any private
networks from inbound routing information in order to protect itself
from ambiguous routing situations which can occur if routes to the
private address space point outside the enterprise."

So these dorks ignore strong recommendations from RFC's.  What else is
new?

-- 
Matt




More information about the linux mailing list