On Sun, Apr 06, 2003 at 09:54:42PM -0600, Sancho2k.net Lists wrote: > I see a lot of sample rulesets making a point to block RFC 1918 address > ranges - but I have to ask, is it really feasible that packets with > these source addresses would really reach anyone's interface? Unless the > firewall is connected to a network addressed as such, doesn't simple > routing by definition prevent such a possibility? Would these packets > even feasibly be routed to the network you are trying to protect? They do! It is not big news that there are ISPs that have dismal ingress and egress filtering on their borders.
Description: PGP signature