[Dshield] routing 192.168...?
dcherton at aei.ca
Mon May 2 04:09:56 GMT 2005
I know that the source is not used for routing, but I thought that private
addresses are supposed to be blocked by ISPs.
Not mandatory, but they should. After all, an ISP could use that address
on their own private network?
How can I check the TTL? It happened 28 times today. For me the source
becomes that private address, no routing possible.
My first line is a router/firewall, everything is blocked; I then have
ZoneAlarm on every machine.
Chris Brenton wrote:
>On Sat, 2005-04-23 at 18:12, Daniel Cherton wrote:
>> Ping of Death Detect src:192.168.1.10:2961 dst:my-internet-ip:42617 Packet Dropped
>>Does anybody know how that is possible? I would think someone using the
>>same ISP is having fun!
>Common misconception. The source IP has nothing to do with how packets
>get routed on the Internet. The only thing that gets evaluated is the
>destination IP address. This did not have to come from your ISP, but
>could have come from anywhere on the Internet. Checking the TTL would
>give you an idea of how far away the source IP really was.
>It's not uncommon to see a source IP which is private, loopback, your
>legal address space, or even a legal but unallocated address. This is
>why many people filter these sources at their perimeter.
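Added example, not part of the original thread: a Python sketch of the TTL check and the perimeter source filter discussed above, reading the TTL and source from a raw IPv4 header, estimating hop distance, and labelling sources that should not arrive from the Internet side. The function names, the list of common initial TTLs and all sample addresses are assumptions made for illustration; the hop count is only a heuristic, since the sender of a spoofed packet also chooses its starting TTL.

```python
import ipaddress
import struct

# Typical initial TTLs set by common operating systems (heuristic assumption).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def parse_ipv4_header(packet: bytes) -> dict:
    """Return source, destination and TTL from the fixed IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(IP_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "ttl": ttl, "proto": proto}


def estimate_hops(ttl: int) -> tuple:
    """Guess the sender's initial TTL and how many routers decremented it."""
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl


def classify_source(src, own_net=None) -> str:
    """Label sources a perimeter filter would drop on the Internet-facing side."""
    addr = ipaddress.IPv4Address(str(src))
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "private"
    if own_net is not None and addr in ipaddress.ip_network(own_net):
        return "own address space"
    return "routable"


def build_sample(src: str, dst: str, ttl: int) -> bytes:
    """Constructed header for the demo (ICMP, checksum left at zero)."""
    return struct.pack(IP_HDR, 0x45, 0, 20, 0, 0, ttl, 1, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    own = "203.0.113.0/24"  # constructed: documentation range as "our" network
    for s, t in (("192.168.1.10", 113), ("127.0.0.1", 52), ("203.0.113.9", 240)):
        hdr = parse_ipv4_header(build_sample(s, "203.0.113.5", t))
        initial, hops = estimate_hops(hdr["ttl"])
        print(hdr["src"], classify_source(hdr["src"], own), f"ttl={t} ~{hops} hops (from {initial})")
```

On a live system the TTL comes from a packet capture or a firewall log that records it; an unallocated-but-legal source needs a current bogon list, which this sketch does not include.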