[Dshield] Architecture approach

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Aug 16 03:59:57 GMT 2005


On Mon, 15 Aug 2005 22:02:43 +1200, Doug Goss said:
> I expect that that is his internal mail server - (probably Exchange) but
> not his machine's IP.  However it is close to his home.

<obi_wan>
These are not the 10.0.x.x hosts you're looking for...
</obi_wan>

It doesn't have to be close, only routable within the private space.  I've
seen networks where one end of the 10/8 is several timezones away from the other
end.

For that matter, I've seen corporate nets where there's been aqwuisition after
acquisition, and getting from one end of the net tp the othe could take you
through 5 different NATs.  And of course, this is DNS hell - the webserver's
observed address is 10.5.10.240 if you're behind THIS NAT, but it's 10.6.99.4
if you're behind the NAT behind that NAT, and so on....

(And no, the net admin was no longer anywhere near totally sane.. ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050815/796b592d/attachment.bin


More information about the list mailing list