[Dshield] RFC1918 addresses (was: Spam Problem)

Fitton, Robert (Bob) Rfitton at laborready.com
Mon Jan 12 18:59:26 GMT 2004


>From: Jon R. Kibler
[SNIP]
>Furthermore, it is not possible for a system with an RFC 1918 
>address to connect to your system as RFC 1918 addresses are 
>not routable on the Internet. Yes, a host can forge an 
>originating address that is in private address space, but 
>there is no way to send a response back to that host. Thus, 
>you can never complete a TCP connection over the Internet with 
>such a host.
>
With one exception... if the RFC1918 host is within your ISP's network, it might indeed complete a connection to your system.  While working with a connectivity test program for our laptop users, I discovered that I could ping some RFC1918 IPs from a Comcast connection (with no VPN tunnel established).

Bob Fitton, Network Specialist
Labor Ready, Inc.
Tacoma, WA 98401




More information about the list mailing list