[Dshield] RFC1918 addresses (was: Spam Problem)
Fitton, Robert (Bob)
Rfitton at laborready.com
Mon Jan 12 18:59:26 GMT 2004
>From: Jon R. Kibler
>Furthermore, it is not possible for a system with an RFC 1918
>address to connect to your system as RFC 1918 addresses are
>not routable on the Internet. Yes, a host can forge an
>originating address that is in private address space, but
>there is no way to send a response back to that host. Thus,
>you can never complete a TCP connection over the Internet with
>such a host.
With one exception... if the RFC1918 host is within your ISP's network, it might indeed complete a connection to your system. While working with a connectivity test program for our laptop users, I discovered that I could ping some RFC1918 IPs from a Comcast connection (with no VPN tunnel established).
Bob Fitton, Network Specialist
Labor Ready, Inc.
Tacoma, WA 98401
More information about the list