Packets from 10.0.0.0/24
Bruno Wolff III wrote:
> While it is possible you are receiving packets that claim to come from
> 10.*.*.* addresses, most likely the source is local to your network.
> Or, perhaps, internal to your ISP. To get an attempt from an address
> like that, it'd have to be on one side of the other of your connection,
> no further away.
Actually, that isn’t necessarily true.
If you can put packets on the Internet coming *from* a 10.*.*.* address
and going *to* a routable address, they’ll probably get through fine.
There’s no way of responding to them, of course, so you can’t do TCP/IP
One legitimate case where this can happen is if an ISP uses 10.*.*.*
addresses for internal routing:
internet <---> gateway router <---> internal router <---> computers
public addresses 10.*.*.* public addresses
(Note there’s absolutely no NAT in this scenario. All packets retain the
same publicly routable source and destination IP addresses right across
Custom routes on the gateway and internal routers make this Just Work in
exactly the same way as it would if the ISP had used public addresses.
Normally, no-one will notice in the slightest, but if you traceroute a
computer on this network, you should receive responses from the 10.*.*.*
address of the internal router.
Of course, the internal router can’t make its own TCP/IP connections to
the Internet, but you wouldn’t want it to anyway.
It’s possible for other ISPs to drop these packets, of course, but most
(?) don’t for three reasons (at least for packets that haven’t come from
their own network):
* there are legitimate reasons why an Internet connection might have
very different outbound and return routes (especially where you have
asymmetric costs or bandwidth), and breaking those connections will
cost the ISP in support calls,
* that means you can already send packets across the Internet with fake
sender IP addresses: blocking a few of them doesn’t exactly stop
* it means extra work for their engineers and routers.
Hope this helps,
E-mail: james@ | … you don’t know who else your internet partner is
aprilcottage.co.uk | chatting with. There’s nothing worse than a Turing
| Test coming back positive for chlamydia.
| – http://blag.xkcd.com/2009/09/05/
users mailing list
To unsubscribe or change subscription options:
Have a question? Ask away: http://ask.fedoraproject.org
|All times are GMT. The time now is 11:34 AM.|
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.