[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking private address ranges



On Sun, Apr 06, 2003 at 09:54:42PM -0600, Sancho2k.net Lists wrote:
> I see a lot of sample rulesets making a point to block RFC 1918 address 
> ranges - but I have to ask, is it really feasible that packets with 
> these source addresses would really reach anyone's interface? Unless the 
> firewall is connected to a network addressed as such, doesn't simple 
> routing by definition prevent such a possibility?  Would these packets 
> even feasibly be routed to the network you are trying to protect?
They do! It is not big news that there are ISPs that have dismal ingress 
and egress filtering on their borders.

Attachment: pgp00058.pgp
Description: PGP signature