[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: blocking private address ranges



I can name Comcast/ATTBI as one the passes 10/8 Addy's. Its quite funny how
you can ping other Cablemodems everywhere.
Amir Seyavash Mesry 
amirm@lsil.com 
LSI Logic Corporation 
http://www.lsilogic.com/ 
Raid Support Test Technician 
6145-D Northbelt Parkway 
Norcross, GA 30071 
678-728-1211 
NOTICE: This communication may contain privileged or other confidential
information. If you are not the intended recipient, or believe that you have
received this communication in error, please do not print, copy, retransmit,
disseminate, or otherwise use the information. Also, please indicate to the
sender that you have received this communication in error, and delete the
copy you received. Thank you.
>-----Original Message-----
>From: Chris Reining [mailto:creining@packetfu.org] 
>Sent: Monday, April 07, 2003 12:44 AM
>To: Sancho2k.net Lists
>Cc: pf@benzedrine.cx
>Subject: Re: blocking private address ranges
>
>
>On Sun, Apr 06, 2003 at 09:54:42PM -0600, Sancho2k.net Lists wrote:
>> I see a lot of sample rulesets making a point to block RFC 1918
>address 
>> ranges - but I have to ask, is it really feasible that packets with
>> these source addresses would really reach anyone's interface? Unless
>the 
>> firewall is connected to a network addressed as such, doesn't simple
>> routing by definition prevent such a possibility?  Would 
>these packets
>
>> even feasibly be routed to the network you are trying to protect?
>
>They do! It is not big news that there are ISPs that have 
>dismal ingress
>
>and egress filtering on their borders.
>