02-16-2012, 06:38 PM
James Wilkinson

Packets from 10.0.0.0/24

Bruno Wolff III wrote:
> While it is possible you are receiving packets that claim to come from
> 10.*.*.* addresses, most likely the source is local to your network.

Tim wrote:
> Or, perhaps, internal to your ISP. To get an attempt from an address
> like that, it'd have to be on one side or the other of your connection,
> no further away.

Actually, that isn’t necessarily true.

If you can put packets on the Internet coming *from* a 10.*.*.* address
and going *to* a routable address, they’ll probably get through fine.
There’s no way of responding to them, of course, so you can’t do TCP/IP
connections.

One legitimate case where this can happen is if an ISP uses 10.*.*.*
addresses for internal routing:

internet <---> gateway router <---> internal router <---> computers
   public addresses         10.*.*.*          public addresses

(Note there’s absolutely no NAT in this scenario. All packets retain the
same publicly routable source and destination IP addresses right across
the network.)

Custom routes on the gateway and internal routers make this Just Work in
exactly the same way as it would if the ISP had used public addresses.
Normally, no-one will notice in the slightest, but if you traceroute a
computer on this network, you should receive responses from the 10.*.*.*
address of the internal router.

Of course, the internal router can’t make its own TCP/IP connections to
the Internet, but you wouldn’t want it to anyway.

It’s possible for other ISPs to drop these packets, of course, but most
(?) don’t for three reasons (at least for packets that haven’t come from
their own network):
* there are legitimate reasons why an Internet connection might have
very different outbound and return routes (especially where you have
asymmetric costs or bandwidth), and breaking those connections will
cost the ISP in support calls,

* that means you can already send packets across the Internet with fake
sender IP addresses: blocking a few of them doesn’t exactly stop
trouble,

* it means extra work for their engineers and routers.

Hope this helps,

James.

--
E-mail: james@ | … you don’t know who else your internet partner is
aprilcottage.co.uk | chatting with. There’s nothing worse than a Turing
| Test coming back positive for chlamydia.
| – http://blag.xkcd.com/2009/09/05/
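
Added example, not part of the original message: a small Python check that parses `traceroute -n` style output and reports RFC 1918 hops that appear after the first public hop, which is what the traceroute described above would show for an ISP routing internally over 10.*.*.*. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also flag
# the documentation ranges used as stand-ins for public addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `traceroute -n` output (not captured from a real network).
SAMPLE_TRACEROUTE = """\
traceroute to 203.0.113.40 (203.0.113.40), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.388 ms  0.371 ms
 2  198.51.100.1  8.120 ms  8.031 ms  7.998 ms
 3  198.51.100.9  9.544 ms  9.501 ms  9.623 ms
 4  * * *
 5  10.20.30.1  14.201 ms  14.188 ms  14.250 ms
 6  203.0.113.40  15.002 ms  14.970 ms  15.101 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def parse_hops(text):
    """Return [(hop_number, IPv4Address)] for hops that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or a hop that timed out ("* * *")
        try:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
        except ValueError:
            continue  # looked like an address but is not a valid one
    return hops

def private_transit_hops(text):
    """RFC 1918 hops seen after the first public hop, i.e. beyond the local LAN."""
    seen_public = False
    found = []
    for number, addr in parse_hops(text):
        if is_rfc1918(addr):
            if seen_public:
                found.append((number, str(addr)))
        else:
            seen_public = True
    return found

if __name__ == "__main__":
    print(private_transit_hops(SAMPLE_TRACEROUTE))
```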