[Dshield] Private IP addresses
security at admin.fulgan.com
Fri Jul 27 13:42:36 GMT 2001
>> My ISP doesn't bother to block 192.168 addresses on their own network,
JBU> Overall, there is nothing wrong with an ISP using 'non routable' IPs
JBU> for internal machines. The problem is to filter them out on the gateway.
JBU> An ISP should not permit any traffic to leave its network with a source
JBU> IP that is not part of its public IP range. Also, it should not allow
JBU> any traffic in that is originating from non routable IPs.
Well, a really well-rounded ISP should:
1/ Properly filter out spoofed packets, both on their gateway and in
their client first node.
2/ By default filter NetBIOS ports.
3/ Run anti-virus scanners on their mail gateway.
4/ Have someone actually READ the filter logs.
Sadly, I have failed to find ANY ISP that follows more than one of
More information about the list