Hiding private addresses Was Re: Port Scan
rod at tpgi.com.au
rod at tpgi.com.au
Fri Oct 12 10:03:04 EST 2001
<snip>
> > Hop 20: I didn't think that 192.168.17.1 was a routable address, or have
> > I misunderstood something? Or is this a case of IP spoofing in the act?
David Gibson wrote:
>
> More likely an ISP that's using the private address for a hop inside
> their network and haven't configured their routers properly to hide it
> from the outside world.
Is the requirement to hide all private addresses completely or just to
ensure that you never exchange/advertise external routing info about
them?
We use them internally on hops that have no need for a visible IP (ie
intra router links). Traceroutes from outside do show the IP just as in
the above example but we dont advertise them outside that LAN (just
a couple of static routes).
Do we need to somehow block traceroute etc replys from these
machines as well? If so any suggestions on how?
Cheers
-RodT
More information about the linux
mailing list